What is CVE-2022-3229?

CVE-2022-3229 is a vulnerability in Unified Intents Ab Remote, classified under Improper Authorization. Published 2023-02-06.

Is CVE-2022-3229 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Unified Intents Ab Remote

CVE-2022-3229

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol…

EPSS: 0.722 (98.8th percentile) — read the EPSS interpretation.

Affected products

Unified Intents Ab Remote — versions 0

Weakness classification (CWE)

CWE-285 — Improper Authorization

Public proof-of-concept exploits

rapid7/metasploit-framework
ArtemioPadilla/unified-remote-tunnel

References

github.com/rapid7/metasploit-framework/pull/16989 (technical-description)

Frequently asked questions

What is CVE-2022-3229?: CVE-2022-3229 is a vulnerability in Unified Intents Ab Remote, classified under Improper Authorization. Published 2023-02-06.
Is CVE-2022-3229 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.