CVE-2022-3229
Published 2023-02-06
Priority: P1 (87), critical, CVSS 3.1 score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 66.35% (99.2th percentile)
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unified_intents_ab | unified_remote | <= 3.11.0.2483 (50) | — |
| unifiedremote | unified_remote | <= 3.11.0.2483 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated access to the Unified Remote web management interface, particularly requests that modify authentication settings (e.g., changing access control to 'no password').
- Detect exploitation attempts against the Unified Remote remote control protocol from unauthenticated/remote sources, especially those followed by code execution activity on Windows hosts.
- Alert on blind exploitation attempts against the Unified Remote protocol when the web management interface is not accessible, as the exploit module will attempt exploitation without confirming auth state.
- The Unified Remote protocol supports three authentication modes: no password, group password, or individual user accounts. The exploit targets the no-password state, either by forcing it via the web UI or attempting blind exploitation. Defenders should ensure the web management interface is not exposed and authentication is enforced.
- The web management interface for Unified Remote does not itself require authentication, making it the initial attack vector for disabling protocol-level authentication.
No detection rules found.
No writeups or analysis indexed.