CVE-2022-26872

Vulnerability updated a month ago (2024-11-29T13:31:32.272Z)
Download STIX
Preview STIX
CVE-2022-26872 is a software vulnerability that allows an attacker to reset a password if they can time the attack during a narrow window between when a one-time password is validated and when the new password is sent by the user. This flaw in software design or implementation was revealed by security researchers in January 2023, alongside another vulnerability, CVE-2022-40258. Both of these vulnerabilities were part of a set of bugs affecting AMI MegaRAC BMCs, collectively referred to as BMC&C. Prior to the discovery of CVE-2022-26872, other vulnerabilities within the BMC&C set had been disclosed in December 2022. These included CVE-2022-40259, CVE-2022-40242, and CVE-2022-2827. All these vulnerabilities were revealed by a firmware security company and reported on The Hacker News website. They represent a series of flaws within the AMI MegaRAC BMCs that have posed significant security risks. In conclusion, CVE-2022-26872 is a critical vulnerability that exposes systems to potential unauthorized access. It forms part of a larger group of bugs impacting AMI MegaRAC BMCs, which were disclosed between December 2022 and February 2023. The continual discovery of such vulnerabilities underscores the need for rigorous security practices and regular updates to protect against potential exploits.
Description last updated: 2024-05-04T19:51:59.550Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the CVE-2022-26872 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more