Vulnerability Description
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Uc-8580-T-Lx Firmware | 1.1 |
| Moxa | Uc-8580-T-Lx | - |
| Moxa | Uc-8580-T-Ct-Lx Firmware | 1.1 |
| Moxa | Uc-8580-T-Ct-Lx | - |
| Moxa | Uc-8580-T-Q-Lx Firmware | 1.1 |
| Moxa | Uc-8580-T-Q-Lx | - |
| Moxa | Uc-8580-T-Ct-Q-Lx Firmware | 1.1 |
| Moxa | Uc-8580-T-Ct-Q-Lx | - |
| Moxa | Uc-8580-Q-Lx Firmware | 1.1 |
| Moxa | Uc-8580-Q-Lx | - |
| Moxa | Uc-8580-Lx Firmware | 1.1 |
| Moxa | Uc-8580-Lx | - |
| Moxa | Uc-8540-Lx Firmware | >= 1.0, <= 1.2 |
| Moxa | Uc-8540-Lx | - |
| Moxa | Uc-8540-T-Ct-Lx Firmware | >= 1.0, <= 1.2 |
| Moxa | Uc-8540-T-Ct-Lx | - |
| Moxa | Uc-8540-T-Lx Firmware | >= 1.0, <= 1.2 |
| Moxa | Uc-8540-T-Lx | - |
| Moxa | Uc-8410A-Lx Firmware | 2.2 |
| Moxa | Uc-8410A-Lx | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02
FAQ
What is CVE-2022-3086?
CVE-2022-3086 is a vulnerability with a CVSS score of 7.1 (HIGH). Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which m...
How severe is CVE-2022-3086?
CVE-2022-3086 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3086?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Uc-8580-T-Lx Firmware, Moxa Uc-8580-T-Lx, Moxa Uc-8580-T-Ct-Lx Firmware, Moxa Uc-8580-T-Ct-Lx, Moxa Uc-8580-T-Q-Lx Firmware.