Lucene search

[email protected]CVE-2022-43553

HistoryDec 05, 2022 - 10:15 p.m.

CVE-2022-43553

2022-12-0522:15:11

CWE-250

[email protected]

web.nvd.nist.gov

cve-2022-43553

remote code execution

edgerouters

security vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.

Affected configurations

NVD

Node

uiedgemax_edgerouter_firmwareRange<2.0.9

uiedgemax_edgerouter_firmwareMatch2.0.9-

uiedgemax_edgerouter_firmwareMatch2.0.9hotfix1

uiedgemax_edgerouter_firmwareMatch2.0.9hotfix2

uiedgemax_edgerouter_firmwareMatch2.0.9hotfix4

AND

uiedgemax_edgerouterMatch-

CPENameOperatorVersion
ui:edgemax_edgerouter_firmwareui edgemax edgerouter firmwarelt2.0.9

CPE	Name	Operator	Version
ui:edgemax_edgerouter_firmware	ui edgemax edgerouter firmware	lt	2.0.9

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "EdgeMAX EdgeRouter",
    "versions": [
      {
        "version": "Fixed Version: 2.0.9-hotfix.5 or later.",
        "status": "affected"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for CVE-2022-43553

prion1 nvd1 cvelist1