Lucene search

[email protected]CVE-2022-47531

HistoryDec 05, 2023 - 6:15 a.m.

CVE-2022-47531

2023-12-0506:15:48

[email protected]

web.nvd.nist.gov

ericsson

evolved packet gateway

epg

cve-2022-47531

authentication bypass

cli

unix shell

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.

Affected configurations

NVD

Node

ericssonevolved_packet_gatewayRange2.0–2.16

ericssonevolved_packet_gatewayRange3.0–3.25

CPENameOperatorVersion
ericsson:evolved_packet_gatewayericsson evolved packet gatewaylt2.16
ericsson:evolved_packet_gatewayericsson evolved packet gatewaylt3.25

CPE	Name	Operator	Version
ericsson:evolved_packet_gateway	ericsson evolved packet gateway	lt	2.16
ericsson:evolved_packet_gateway	ericsson evolved packet gateway	lt	3.25

References

www.gruppotim.it/it/footer/red-team.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVE-2022-47531

prion1 cvelist1 nvd1