CVE-2022-3090
Summary
| CVE | CVE-2022-3090 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-17 22:15:00 UTC |
| Updated | 2022-11-22 19:54:00 UTC |
| Description | Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redlion | Crimson | All | All | All | All |
| Application | Redlion | Crimson | 3.0 | - | All | All |
| Application | Redlion | Crimson | 3.0 | build_477.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_493.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_493.004 | All | All |
| Application | Redlion | Crimson | 3.0 | build_493.005 | All | All |
| Application | Redlion | Crimson | 3.0 | build_502.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_502.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_502.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_515.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_515.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_523.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_530.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_530.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_530.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_530.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_548.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_548.005 | All | All |
| Application | Redlion | Crimson | 3.0 | build_573.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_573.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_579.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_579.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_582.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_582.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_582.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_582.004 | All | All |
| Application | Redlion | Crimson | 3.0 | build_599.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_599.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_603.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_605.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_615.004 | All | All |
| Application | Redlion | Crimson | 3.0 | build_619.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_619.004 | All | All |
| Application | Redlion | Crimson | 3.0 | build_624.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_624.005 | All | All |
| Application | Redlion | Crimson | 3.0 | build_635.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_635.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_639.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_640.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_640.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_640.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_647.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_657.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_657.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_662.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_662.006 | All | All |
| Application | Redlion | Crimson | 3.0 | build_675.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_678.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_683.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_683.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_683.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_690.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_690.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_693.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_694.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_697.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_697.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_697.003 | All | All |
| Application | Redlion | Crimson | 3.0 | build_700.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_702.002 | All | All |
| Application | Redlion | Crimson | 3.0 | build_702.004 | All | All |
| Application | Redlion | Crimson | 3.0 | build_703.001 | All | All |
| Application | Redlion | Crimson | 3.0 | build_705.000 | All | All |
| Application | Redlion | Crimson | 3.0 | build_707.000 | All | All |
| Application | Redlion | Crimson | 3.1 | - | All | All |
| Application | Redlion | Crimson | 3.1 | build_3100.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3100.002 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3100.003 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3100.008 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3100.009 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3100.010 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3101.001 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3104.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3106.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3106.004 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3108.002 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3108.004 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3109.003 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3109.004 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3110.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3110.002 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3110.004 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3111.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3112.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3113.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3114.002 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3115.006 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3115.008 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3115.009 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3116.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3119.001 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3119.002 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3120.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3120.001 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3121.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3122.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3122.001 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3123.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3123.001 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3124.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3125.003 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3125.006 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3125.007 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3126.000 | All | All |
| Application | Redlion | Crimson | 3.1 | build_3126.001 | All | All |
| Application | Redlion | Crimson | 3.2 | - | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0008.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0014.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0015.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0016.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0020.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0021.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0025.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0026.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0030.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0031.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0035.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0036.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0040.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0041.0 | All | All |
| Application | Redlion | Crimson | 3.2 | build_3.2.0044.0 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Lion Crimson \| CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Dragos reported this vulnerability to Red Lion Controls, who reported this vulnerability to CISA.
Legacy QID Mappings
- 591300 Red Lion Crimson Path Traversal Vulnerabilities(ICSA-22-321-01)