CVE-2022-50800

Published: Dic 30, 2025 Last Modified: Dic 31, 2025
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,1th
Updated

EPSS Score Trend (Last 76 Days)

203

Observable Discrepancy

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Access Control
Potential Impacts:
Read Application Data Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
View CWE Details
https://www.exploit-db.com/exploits/50742
https://www.exploit-db.com/exploits/50742
https://www.h3c.com
https://www.h3c.com
https://www.vulncheck.com/advisories/hc-ssl-vpn-na-username…
https://www.vulncheck.com/advisories/hc-ssl-vpn-na-username-enumeration-via-log…
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5697…
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5697.php