CVE-2022-29475 MEDIUM

CVE-2022-29475

Vendor Abode Systems, Inc.
Product iota All-In-One Security Kit
Weakness CWE-294
Published October 25, 2022
Last update April 15, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Key dates

02Disclosure timeline

October 25, 2022 CVE published
April 15, 2025 Record updated