CVE-2022-26872

Vulnerability Profile Updated 3 months ago
CVE-2022-26872 is a software vulnerability that allows an attacker to reset a password if they can time the attack to fall within the narrow window between the validation of a one-time password and the user's submission of the new password. Security researchers revealed the flaw in January 2023, alongside another vulnerability, CVE-2022-40258. Both belong to a set of bugs affecting AMI MegaRAC BMCs, collectively referred to as BMC&C.

Prior to the discovery of CVE-2022-26872, other vulnerabilities in the BMC&C set had been disclosed in December 2022: CVE-2022-40259, CVE-2022-40242, and CVE-2022-2827. All of these vulnerabilities were revealed by a firmware security company and reported on The Hacker News website. They represent a series of flaws in AMI MegaRAC BMCs that have posed significant security risks.

In conclusion, CVE-2022-26872 is a critical vulnerability that exposes systems to potential unauthorized access. It forms part of a larger group of bugs impacting AMI MegaRAC BMCs, which were disclosed between December 2022 and February 2023. The continual discovery of such vulnerabilities underscores the need for rigorous security practices and regular updates to protect against potential exploits.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2022-40259 | Unspecified | 1 | CVE-2022-40259 is a software vulnerability that was part of a series of bugs affecting AMI MegaRAC Baseboard Management Controllers (BMCs), collectively referred to as BMC&C. This flaw in software design or implementation was disclosed along with other vulnerabilities in December 2022, including CVE |
| CVE-2022-40242 | Unspecified | 1 | None |
| CVE-2022-2827 | Unspecified | 1 | None |
| CVE-2022-40258 | Unspecified | 1 | None |
Source Document References
Information about the CVE-2022-26872 vulnerability was read from the document corpus below.

| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | New Severe Vulnerabilities Found in AMI MegaRAC BMC Software |
| CERT-EU | a year ago | Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks |
| DARKReading | a year ago | Firmware Flaws Could Spell 'Lights Out' for Servers |
| CERT-EU | a year ago | [Security Daily] February 2, 2023: Info-stealer Vector Stealer used to hijack remote desktop connections; hackers launch OAuth phishing through Microsoft-verified blue-check accounts |