CVE-2022-31461
Published on June 2, 2022
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.
Known Exploited Vulnerability
This Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Owl Labs Meeting Owl contains a missing authentication for critical functions vulnerability that allows an attacker to deactivate the passcode protection mechanism via a certain c 11 message.
The following remediation steps are recommended / required by October 9, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2022-31461
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-31461 are published in these products:
What versions are vulnerable to CVE-2022-31461?
Each of the following must match for the vulnerability to exist.