CVE-2022-43400
published 2022-10-21

Priority: P263, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.7th percentile)

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
siemens | siveillance_video_mobile_server | < 22.2a(80) | 22.2a(80)
siemens | siveillance_video_mobile_server_v2022_r2 | |

Detection & IOCs (extracted from sources)

  • Target authentication bypass against Siveillance Video Mobile Server — look for unauthenticated remote login attempts to the mobile server component, especially using Active Directory accounts that are members of the built-in Administrators group
  • Alert on successful authentication events to the Siveillance Video Mobile Server that lack a corresponding valid credential exchange — indicative of authentication bypass (CWE-1390 Weak Authentication)
  • Monitor network traffic for remote, unauthenticated access attempts to the Mobile Server; exploitation requires no privileges and no user interaction (PR:N/UI:N) over the network (AV:N/AC:L)
  • Vulnerability only affects Siveillance Video Mobile Server V2022 R2 versions prior to V22.2a(80); patched installations are not affected
  • The authentication bypass specifically involves Active Directory accounts that are members of the built-in Administrators group; detection logic should focus on this account class
  • No known public exploits specifically target this vulnerability at time of advisory publication