Login Sign Up

CVE-2022-25806

8.8 HIGH
Authentication Bypass

📋 TL;DR

CVE-2022-25806 is a hardcoded cryptographic key vulnerability in IGEL Universal Management Suite (UMS) that allows attackers to decrypt superuser credentials. Organizations using affected UMS versions are at risk of credential compromise and potential administrative takeover.

💻 Affected Systems

Products:
  • IGEL Universal Management Suite (UMS)
Versions: 6.07.100 and potentially earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the affected UMS version are vulnerable regardless of configuration.

📦 What is this software?

Universal Management Suite by Igel

View all CVEs affecting Universal Management Suite →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full administrative compromise of the UMS environment, enabling attackers to deploy malicious configurations, access managed endpoints, and pivot to other systems.

🟠

Likely Case

Attackers gain administrative access to UMS, allowing them to modify endpoint configurations, deploy unauthorized software, and potentially access sensitive data.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though credential exposure still poses significant risk.

🌐 Internet-Facing: HIGH if UMS is exposed to internet, as attackers can remotely exploit to gain administrative access.
🏢 Internal Only: HIGH as internal attackers or compromised systems can exploit this to escalate privileges and compromise the management infrastructure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to encrypted credential files, which may be obtained through other vulnerabilities or improper access controls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.07.200 or later

Vendor Advisory: https://www.igel.com/igel-solution-family/universal-management-suite/

Restart Required: Yes

Instructions:

1. Download latest UMS version from IGEL portal. 2. Backup current configuration. 3. Install update following vendor documentation. 4. Restart UMS services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to UMS management interface to trusted networks only

Credential Rotation

all

Change all administrative credentials after patching

🧯 If You Can't Patch

  • Isolate UMS server from internet and restrict internal access to only necessary administrators
  • Implement strict monitoring for unusual administrative activities and credential access attempts

🔍 How to Verify

Check if Vulnerable:

Check UMS version in administration interface or via 'ums-version' command on server

Check Version:

ums-version

Verify Fix Applied:

Confirm version is 6.07.200 or later and test credential encryption functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative logins
  • Multiple failed credential decryption attempts
  • Unexpected configuration changes

Network Indicators:

  • Unusual connections to UMS management port (default 8443)
  • Traffic patterns suggesting credential extraction

SIEM Query:

source="UMS" AND (event_type="admin_login" OR event_type="config_change") AND user="superuser"

📊 Metadata

CVE ID: CVE-2022-25806
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-798
Published: June 9, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-25806, you might also want to check these:

CVE-2025-20188 10.0

This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote a...

Same vulnerability type (CWE-798)
CVE-2026-22769 10.0

Dell RecoverPoint for Virtual Machines versions before 6.0.3.1 HF1 contain hardcoded credentials tha...

Same vulnerability type (CWE-798)
CVE-2021-0248 10.0

This vulnerability involves hard-coded credentials in Juniper Junos OS on NFX Series devices, allowi...

Same vulnerability type (CWE-798)