CVE-2022-31479

Remote Code Execution via command injection of the hostname

CVSS 9.6 CRITICALEPSS 2.3%CWE-693

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Produtos afetados

HID Mercury · EP4502 HID Mercury · LP1501 HID Mercury · LP1502 HID Mercury · LP2500 HID Mercury · LP4502 LenelS2 · LNL-4420 LenelS2 · LNL-X2210 LenelS2 · LNL-X2220 LenelS2 · LNL-X3300 LenelS2 · LNL-X4420 LenelS2 · S2-LP-1501 LenelS2 · S2-LP-1502 LenelS2 · S2-LP-2500 LenelS2 · S2-LP-4502

PoCs públicas encontradas — 1

githubgithub.com/realyme/CVE-2022-31479-test★ 0

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.corporate.carrier.com/product-security/advisories-resources/