Vulnerability Details : CVE-2022-3086
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2022-3086
- cpe:2.3:o:moxa:uc-2101-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2102-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2104-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2111-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2112-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2114-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-2116-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3101-t-us-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3101-t-eu-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-us-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-eu-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3121-t-us-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3121-t-eu-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3101-t-ap-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-ap-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3121-t-ap-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-eu-lx-nw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-ap-lx-nw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-3111-t-us-lx-nw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5101-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5101-t-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5102-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5102-t-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5111-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5111-t-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5112-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-5112-t-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8131-lx_firmware:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8131-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8132-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8132-lx_firmware:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8162-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8162-lx_firmware:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-lx_firmware:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112-lx_firmware:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112a-me-t-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8112a-me-t-lx_firmware:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx-us-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx-eu-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8220-t-lx-ap-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8410a-lx_firmware:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8410a-t-lx_firmware:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8410a-nw-lx_firmware:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8410a-nw-t-lx_firmware:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8580-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8580-t-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8580-t-ct-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8580-q-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8580-t-q-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8580-t-ct-q-lx_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8540-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8540-t-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8540-t-ct-lx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:moxa:uc-8210-t-lx-s_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3086
EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~26% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-3086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | ICS-CERT | |
7.6 | HIGH | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 0.9 | 6.0 | NIST | |
CWE ids for CVE-2022-3086
- The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2022-3086
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02 (Cradlepoint IBR600 | CISA)