Main Vulnerability Database Vulnerabilities #VU69415

#VU69415 Command Injection in NetCloud OS and IBR600 - CVE-2022-3086

Published: November 18, 2022 / Updated: November 29, 2022

Vulnerability identifier: #VU69415

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3086

CWE-ID: CWE-77

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
NetCloud OS
IBR600

Software vendor:
Cradlepoint

Description

The vulnerability allows a local user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A local user can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-22-321-02