How severe is CVE-2022-25166?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2022-25166?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-25166

MEDIUM Year: 2022

CVSS v3 Score

5.0

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.

CVE-2015-2253

MEDIUM

CVSS:5.0(Medium)

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.

CWE-2002015

CVE-2016-0073

MEDIUM

CVSS:5.0(Medium)

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an ...

CWE-2002016

CVE-2016-0079

MEDIUM

CVSS:5.0(Medium)

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Win...

CWE-2002016

CVE-2016-3232

MEDIUM

CVSS:5.0(Medium)

The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted applic...

CWE-2002016

CVE-2016-3256

MEDIUM

CVSS:5.0(Medium)

Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode ...

CWE-2002016

CVE-2017-0282

MEDIUM

CVSS:5.0(Medium)

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2...

CWE-2002017

CVE-2022-25166

Vulnerability Description

Related Vulnerabilities

CVE-2015-2253

CVE-2016-0073

CVE-2016-0079

CVE-2016-3232

CVE-2016-3256

CVE-2017-0282