PT-2022-6352 · Unified Intents · Unified Remote

H00Die +2 · Published 2022-09-21 · Updated 2025-03-25 · CVE-2022-3229

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Unified Remote (affected versions not specified)

Description

The web management interface for Unified Intents' Unified Remote solution does not require authentication, allowing a remote, unauthenticated attacker to change or disable authentication requirements for the Unified Remote protocol. This can be leveraged to run code of the attacker's choosing. The issue is related to an incorrect authorization procedure in the web management interface.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-01004
CVE-2022-3229

Affected Products

Unified Remote