CVE-2022-3229

CVSS V2 None CVSS V3 None
Description
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
Overview
  • CVE ID
  • CVE-2022-3229
  • Assigner
  • cve@rapid7.con
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-06T23:15:09
  • Last Modified Date
  • 2023-02-15T16:24:20
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:unifiedremote:unified_remote:*:*:*:*:*:*:*:* 1 OR 3.11.0.2483
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://github.com/rapid7/metasploit-framework/pull/16989 Exploit Issue Tracking Patch
History
Created Old Value New Value Data Type Notes
2023-04-17 07:19:05 Added to TrackCVE
2023-04-17 07:19:08 Weakness Enumeration new