CVE-2021-47891

Unified Remote 3.9.0.2463 - Remote Code Execution

CVSS 9.3 CRITICALEPSS 0.8%CWE-306

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Unified Intents AB · Unified Remote

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/49587 https://www.unifiedremote.com/https://www.unifiedremote.com/download https://www.vulncheck.com/advisories/unified-remote-remote-code-execution