PT-2022-7169 · Ericsson · Ericsson Evolved Packet Gateway
Andrea Carlo Maria Dattola +2 · Published 2022-12-19 · Updated 2023-12-11 · CVE-2022-47531
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ericsson Evolved Packet Gateway (EPG) versions 2.x before 2.16
Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25
Description
The issue is an access control deficiency in the command-line interface (CLI) of the Ericsson Evolved Packet Gateway (EPG). Authenticated users can bypass the system CLI and run the commands they are authorized to execute directly in the UNIX shell. Exploitation of the issue may allow a remote attacker to execute arbitrary commands.
Recommendations
For Ericsson Evolved Packet Gateway (EPG) versions 2.x before 2.16, update to version 2.16 or later to resolve the issue.
For Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25, update to version 3.25 or later to resolve the issue.
As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Ericsson Evolved Packet Gateway