CVE-2022-3086

CWE-77 — Command Injection CWE-12633 documents3 sources

Severity

7.6HIGH

EPSS

0.1%

top 68.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cradlepoint Ibr600 Moxa Uc-2101-lx Firmware Moxa Uc-2102-lx Firmware +48 more

Timeline

PublishedDec 2

Latest updateJul 6

Description

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages51 packages

▶CVEListV5cradlepoint/ibr6006.5.0.160bc2e

▶NVDmoxa/uc-2101-lx_firmware1.3 — 1.5

▶NVDmoxa/uc-2102-lx_firmware1.3 — 1.5

▶NVDmoxa/uc-2104-lx_firmware1.3 — 1.5

▶NVDmoxa/uc-2111-lx_firmware1.3 — 1.5

🔴Vulnerability Details

GHSA

GHSA-g37x-jpmr-w7p9: An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1↗2023-07-06

▶

CVEList

Cradlepoint IBR600 Command Injection↗2022-11-29

▶