Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36385

Sept. 13, 2022, 3:15 p.m. |

National Vulnerability Database nist.gov

A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.

cve

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

IT Security Manager - Stamford or Middletown Location

@ Charles IT | Middletown, Connecticut, United States

Cyber Security Analyst - Sr. Consultant Level

@ Visa | Ashburn, VA, United States

Staff Information Security Engineer

@ ServiceNow | Atlanta, Georgia, United States

Senior Compliance Program Manager

@ Zscaler | San Jose, CA, United States

Supervisor, F&I Trainer and Compliance Financial Services

@ Lucid Motors | Newark, CA

Senior Information Security Analyst

@ RecargaPay | São Paulo, State of São Paulo, Brazil - Remote

IT Security Engineer - Middletown Location

@ Charles IT | Middletown, Connecticut, United States