CVE-2022-3229
published 2023-02-06

Priority: P1 87 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 66.35% (99.2th percentile)

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unified_intents_ab | unified_remote | <= 3.11.0.2483 (50) | |
| unifiedremote | unified_remote | <= 3.11.0.2483 | |

Detection & IOCs (extracted from sources)

version: 3.11.0.2483 (50)
  • Monitor for unauthenticated access to the Unified Remote web management interface, particularly requests that modify authentication settings (e.g., changing access control to 'no password').
  • Detect exploitation attempts against the Unified Remote remote control protocol from unauthenticated/remote sources, especially those followed by code execution activity on Windows hosts.
  • Alert on blind exploitation attempts against the Unified Remote protocol when the web management interface is not accessible, as the exploit module will attempt exploitation without confirming auth state.
  • The Unified Remote protocol supports three authentication modes: no password, group password, or individual user accounts. The exploit targets the no-password state, either by forcing it via the web UI or attempting blind exploitation. Defenders should ensure the web management interface is not exposed and authentication is enforced.
  • The web management interface for Unified Remote does not itself require authentication, making it the initial attack vector for disabling protocol-level authentication.