VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-bme2-efqx-aaaa

Essentials
Severities (110)
References (32)
Severity details (17)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-bme2-efqx-aaaa
Aliases	CVE-2022-24903
Summary	Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1284	Improper Validation of Specified Quantity in Input
CWE-787	Out-of-bounds Write
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4795
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4799
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4800
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4801
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4802
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4803
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4808
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4896
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5439
cvssv3	8.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24903.json
epss	0.00751	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00751	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.00985	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01011	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01172	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.01328	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.02875	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.13979	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.13979	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.13979	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.13979	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.19099	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.21819	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.23834	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.23834	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss	0.23834	https://api.first.org/data/v1/epss?cve=CVE-2022-24903
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2081353
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.1	https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
ssvc	Track	https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
cvssv3.1	8.1	https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
ssvc	Track	https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2022-24903
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-24903
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-24903
cvssv3.1	8.1	https://security.netapp.com/advisory/ntap-20221111-0002/
ssvc	Track	https://security.netapp.com/advisory/ntap-20221111-0002/
cvssv3.1	8.1	https://www.debian.org/security/2022/dsa-5150
ssvc	Track	https://www.debian.org/security/2022/dsa-5150

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24903.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-24903
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
		https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
		https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
		https://security.netapp.com/advisory/ntap-20221111-0002/
		https://www.debian.org/security/2022/dsa-5150
1010619		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010619
2081353		https://bugzilla.redhat.com/show_bug.cgi?id=2081353
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:rsyslog:rsyslog::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsyslog:rsyslog::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2022-24903		https://nvd.nist.gov/vuln/detail/CVE-2022-24903
GLSA-202408-28		https://security.gentoo.org/glsa/202408-28
RHSA-2022:4795		https://access.redhat.com/errata/RHSA-2022:4795
RHSA-2022:4799		https://access.redhat.com/errata/RHSA-2022:4799
RHSA-2022:4800		https://access.redhat.com/errata/RHSA-2022:4800
RHSA-2022:4801		https://access.redhat.com/errata/RHSA-2022:4801
RHSA-2022:4802		https://access.redhat.com/errata/RHSA-2022:4802
RHSA-2022:4803		https://access.redhat.com/errata/RHSA-2022:4803
RHSA-2022:4808		https://access.redhat.com/errata/RHSA-2022:4808
RHSA-2022:4896		https://access.redhat.com/errata/RHSA-2022:4896
RHSA-2022:5439		https://access.redhat.com/errata/RHSA-2022:5439
USN-5404-1		https://usn.ubuntu.com/5404-1/
USN-5404-2		https://usn.ubuntu.com/5404-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24903.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24903

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24903

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24903

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20221111-0002/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://security.netapp.com/advisory/ntap-20221111-0002/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5150

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://www.debian.org/security/2022/dsa-5150

Exploit Prediction Scoring System (EPSS)

Percentile	0.70851
EPSS Score	0.00751
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.