How severe is CVE-2022-0022?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2022-0022?

This is classified as CWE-916, which is a common weakness in software security.

CVE-2022-0022 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.

Related Vulnerabilities

CVE-2020-27693

MEDIUM

CVSS:4.4(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

CWE-9162020

CVE-2021-38979

MEDIUM

CVSS:4.4(Medium)

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a sal...

CWE-9162021

CVE-2024-21754

MEDIUM

CVSS:4.4(Medium)

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy ver...

CWE-9162024

CVE-2022-29731

MEDIUM

CVSS:4.3(Medium)

An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.

CWE-9162022

CVE-2024-2365

MEDIUM

CVSS:4.2(Medium)

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\Pinn...

CWE-9162024

CVE-2020-6780

MEDIUM

CVSS:4.9(Medium)

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privi...

CWE-9162020