Authentication Bypass in Unified Remote by Unified Intents
CVE-2022-3229

9.8CRITICAL

Key Information:

Vendor: Unified Intents Ab
Status: Unified Remote
Vendor: CVE Published:; 6 February 2023

🔔 Create Unified Intents Ab Vulnerability Alert

What is CVE-2022-3229?

The Unified Remote solution by Unified Intents features a web management interface that lacks proper authentication mechanisms. This oversight allows remote attackers, without the need for authentication, to manipulate the authentication settings of the Unified Remote protocol. Exploiting this vulnerability grants attackers the ability to execute arbitrary code, putting systems at significant risk. Immediate attention and remediation are necessary to safeguard against potential exploitation.

Affected Version(s)

Unified Remote 0 <= 3.11.0.2483 (50)

References

https://github.com/rapid7/metasploit-framework/pull/16989

technical-description

EPSS Score

88% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Sep 15, 2022

Credit

Harkenzo

JSON