Vulnerabilities > CVE-2022-3229 - Unspecified vulnerability in Unifiedremote Unified Remote

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

unifiedremote

critical

NVD

Published: 2023-02-06

Updated: 2023-02-15

Summary

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

Vulnerable Configurations

Part	Description	Count
Application	Unifiedremote Unifiedremote Unified Remote *	1
OS	Microsoft Microsoft Windows -	1

References

https://github.com/rapid7/metasploit-framework/pull/16989