Base Score

CRITICAL9.1

CVE-2022-24976

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

VectorNETWORK

Published Bycve@mitre.org

Published DateFeb 14, 2022, 12:15

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

9.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12
https://www.openwall.com/lists/oss-security/2022/01/30/4

Base Score

CRITICAL9.1

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

9.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE