CVE-2022-25569

9.8 CRITICAL

📋 TL;DR

Bettini Srl GAMS Product Line v4.3.0 uses the same static SSH private key across all installations, allowing attackers to extract the key from the software and gain root access to affected systems. This affects all installations of the vulnerable version. Attackers can exploit this without authentication.

💻 Affected Systems

Products:
  • Bettini Srl GAMS Product Line
Versions: v4.3.0
Operating Systems: Linux-based systems running the software
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of v4.3.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with root access, data theft, ransomware deployment, and use as a pivot point for lateral movement.

🟠 Likely Case

Unauthorized root access leading to data exfiltration, installation of backdoors, and system manipulation.

🟢 If Mitigated

Limited impact if SSH access is blocked at the network perimeter and systems are isolated.

🌐 Internet-Facing: HIGH - Systems exposed to the internet can be directly compromised by any attacker with the static key.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit this across the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires extracting the static SSH key from the software package and using standard SSH client tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

Contact the vendor for an updated version. If none is available, implement the workarounds immediately.

🔧 Temporary Workarounds

Disable SSH root login

linux

Prevent root login via SSH in sshd_config

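# sshd keeps the first value it reads for each keyword, so put the directive at the top of the file instead of appending it
sed -i '1i PermitRootLogin no' /etc/ssh/sshd_config
sshd -t && systemctl restart sshd
sshd -T | grep -i '^permitrootlogin'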

Change SSH keys

linux

Generate and deploy new SSH host keys

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
systemctl restart sshd

Block SSH access

linux

Use firewall to restrict SSH access to trusted IPs only

iptables -A INPUT -p tcp --dport 22 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

🧯 If You Can't Patch

  • Isolate affected systems in separate network segment with strict access controls
  • Implement multi-factor authentication and monitor all SSH access attempts

🔍 How to Verify

Check if Vulnerable:

Check if running GAMS Product Line v4.3.0 and examine SSH host keys for known static values

Check Version:

Check software documentation or contact vendor for version information

Verify Fix Applied:

Verify SSH host keys have been changed and root login is disabled in sshd_config
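
The two checks above can be scripted as follows; this is an added example, not vendor code or part of the original advisory. It compares key fingerprints against an operator-supplied list of known static fingerprints (this page does not publish them) and reads the effective `sshd -T` configuration rather than the file text. Assumptions: the function names, the list file format, and the inclusion of `/root/.ssh/authorized_keys`, which is checked because the TL;DR describes a key that grants root login and regenerating host keys alone would not revoke such a key.

```shell
#!/bin/sh
# Added example, not vendor code. The known-bad list holds one fingerprint per
# line (e.g. SHA256:...) for the shipped static key; the operator supplies it.

# stdin: `ssh-keygen -lf FILE` output. $1: known-bad fingerprint list.
# Prints matching key lines; exit 0 if a known-bad key is present, 1 if not.
match_known_bad() {
    awk -v list="$1" '
        BEGIN {
            while ((getline line < list) > 0) {
                n = split(line, f, " ")
                if (n > 0 && f[1] !~ /^#/) bad[f[1]] = 1
            }
        }
        ($2 in bad) { print; hits++ }
        END { exit !hits }'
}

# stdin: `sshd -T` output (the effective configuration after includes and
# first-match-wins). Exit 0 only when PermitRootLogin is exactly "no";
# empty input (sshd -T failed) counts as not disabled.
root_login_disabled() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2) }
         END { exit (v != "no") }'
}

# Run both checks on a live host (needs root). Exit 0 = fix verified.
# /root/.ssh/authorized_keys is an assumed location for a trusted login key.
verify_fix() {
    status=0
    for f in /etc/ssh/ssh_host_*_key.pub /root/.ssh/authorized_keys; do
        [ -r "$f" ] || continue
        if ssh-keygen -lf "$f" 2>/dev/null | match_known_bad "$1"; then
            echo "known static key still present in $f"
            status=1
        fi
    done
    if ! sshd -T 2>/dev/null | root_login_disabled; then
        echo "root login over SSH is not disabled"
        status=1
    fi
    return "$status"
}

# Usage: verify_fix /path/to/known_bad_fingerprints.txt
```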

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH login attempts followed by successful root login
  • SSH connections from unexpected sources

Network Indicators:

  • SSH traffic to affected systems from unauthorized IPs
  • Unusual SSH session patterns

SIEM Query:

source="sshd" AND (user="root" OR auth_method="publickey") | stats count by src_ip
