CVE-2022-40022

critical

Description

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

References

https://www.securifera.com/advisories/CVE-2022-40022/

https://www.microsemi.com/document-portal/doc_download/135737-datasheet-syncserver-s650

https://www.microsemi.com/campaigns/network-time-servers/syncserver-s600/?url=

https://www.microsemi.com/campaigns/network-time-servers/S650p/%3Fgd%3D1&id=5&gclid=Cj0KCQjwjbyYBhCdARIsAArC6LL-202ej5YfDB5lMIMSZ2735qjo5yaj2i-PrvLv2Cnh_kIJtFJ0oF8aAlMpEALw_wcB

http://packetstormsecurity.com/files/172907/Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution.html

Details

Source: Mitre, NVD

Published: 2023-02-13

Updated: 2025-03-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.89961