CVE-2022-43485 MEDIUM

CVE-2022-43485: Insecure random number used for generating keys for signing Jwt tokens

Vendor: Honeywell
Product: OneWireless
Weakness: CWE-330 · Insufficient randomness
Published: May 30, 2023
Last update: January 9, 2025

CVSS base score

6.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01 Description

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1.

Key dates

02 Disclosure timeline

May 30, 2023: CVE published
January 9, 2025: Record updated