CVE-2022-3229
CRITICAL
Unified Remote - RCE
Title source: llm
Description
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
Exploits (1)
metasploit
WORKING POC
NORMAL
by h00die, H4RK3NZ0 · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/unified_remote_rce.rb
Scores
CVSS v3
9.8
EPSS
0.7219
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
CWE-285
Status
published
Products (1)
unifiedremote/unified_remote
< 3.11.0.2483
Published
Feb 06, 2023
Tracked Since
Feb 18, 2026