CVE-2022-33202

8.1 HIGH

📋 TL;DR

This CVE describes an authentication bypass vulnerability in L2Blocker network security devices. An adjacent attacker can bypass login authentication on the setup screen to gain unauthorized access, potentially accessing stored information or causing device malfunctions. Affected users include organizations using L2Blocker(on-premise) or L2Blocker(Cloud) versions 4.8.5 and earlier.

💻 Affected Systems

Products:
  • L2Blocker(on-premise)
  • L2Blocker(Cloud)
Versions: 4.8.5 and earlier
Operating Systems: Not specified - appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Requires adjacent network access; vulnerability is in the setup screen authentication mechanism

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the L2Blocker device, allowing an attacker to access all stored network security data, modify configurations to disable security controls, and potentially pivot to other network systems.

🟠 Likely Case

Unauthorized access to device configuration and stored network monitoring data, potentially exposing sensitive network information and allowing disruption of security functions.

🟢 If Mitigated

Limited impact if the device is isolated from critical systems and access controls are properly implemented at network boundaries.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires adjacent network access but no authentication. The bypass is described as using an alternate path or channel to reach the setup screen without logging in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.8.5

Vendor Advisory: https://www.softcreate.co.jp/news/detail/210

Restart Required: Yes

Instructions:

1. Check current L2Blocker version.
2. Download and apply update from vendor.
3. Restart device.
4. Verify update applied successfully.

🔧 Temporary Workarounds

Network Segmentation

Isolate L2Blocker devices to prevent adjacent attacker access

Access Control Restrictions

Implement strict network access controls to limit who can reach L2Blocker management interfaces

🧯 If You Can't Patch

  • Isolate L2Blocker devices on a separate VLAN with strict access controls
  • Disable remote management interfaces and require physical console access for configuration

🔍 How to Verify

Check if Vulnerable:

Check L2Blocker version in device administration interface; if version is 4.8.5 or earlier, device is vulnerable

Check Version:

Check via L2Blocker web interface or console: version command varies by specific device model

Verify Fix Applied:

Verify the version is later than 4.8.5 and confirm that authentication bypass attempts fail

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful access
  • Unauthorized access from unexpected IP addresses
  • Configuration changes from unauthenticated sources

Network Indicators:

  • Unusual traffic patterns to L2Blocker management interfaces
  • Authentication bypass attempts on setup screen ports

SIEM Query:

source_ip=* AND destination_ip=L2Blocker_IP AND (event_type="authentication" OR event_type="configuration_change") AND result="success" FROM unknown_users
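The log indicators above can be checked mechanically once device events are in a common format. The following is an added example, not vendor or L2Blocker code: it assumes events are already normalized to the field names used in the SIEM query template plus an ISO-8601 `ts` field, and the thresholds, IP addresses and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed normalized schema (not a real L2Blocker log format): field names
# follow the SIEM query template above, plus an ISO-8601 timestamp "ts".
SESSION_WINDOW = timedelta(minutes=30)  # assumed admin session lifetime
FAIL_THRESHOLD = 3                      # assumed failures before a success

def detect(events, device_ip, admin_ips):
    """Return (ts, source_ip, reason) findings for one device, in time order."""
    findings, last_auth, fails = [], {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["destination_ip"] != device_ip:
            continue
        src, ts = ev["source_ip"], datetime.fromisoformat(ev["ts"])
        ok = ev["result"] == "success"
        if ev["event_type"] == "authentication":
            if not ok:
                fails[src] = fails.get(src, 0) + 1
                continue
            if fails.pop(src, 0) >= FAIL_THRESHOLD:
                findings.append((ev["ts"], src, "failures_then_success"))
            last_auth[src] = ts
        elif ev["event_type"] == "configuration_change" and ok:
            seen = last_auth.get(src)
            if seen is None or ts - seen > SESSION_WINDOW:
                # A setting changed with no recent login on record for this source.
                findings.append((ev["ts"], src, "config_change_without_login"))
        if ok and src not in admin_ips:
            findings.append((ev["ts"], src, "unexpected_source"))
    return findings

def event(ts, src, etype, result, dst="192.0.2.10"):
    return {"ts": ts, "source_ip": src, "destination_ip": dst, "event_type": etype, "result": result}

# Constructed sample events (documentation-range addresses, not real logs).
SAMPLE_EVENTS = [
    event("2022-07-01T09:00:00", "192.0.2.50", "authentication", "success"),
    event("2022-07-01T09:05:00", "192.0.2.50", "configuration_change", "success"),
    event("2022-07-01T10:00:00", "192.0.2.77", "configuration_change", "success", dst="192.0.2.99"),
    event("2022-07-01T11:00:00", "192.0.2.77", "configuration_change", "success"),
    event("2022-07-01T12:00:00", "192.0.2.50", "authentication", "failure"),
    event("2022-07-01T12:01:00", "192.0.2.50", "authentication", "failure"),
    event("2022-07-01T12:02:00", "192.0.2.50", "authentication", "failure"),
    event("2022-07-01T12:03:00", "192.0.2.50", "authentication", "success"),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS, "192.0.2.10", {"192.0.2.50"}):
        print(finding)
```

A successful configuration change with no preceding login from the same source is the pattern most specific to an authentication bypass; the other two findings are general hygiene signals.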
