CVE-2022-43553

A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:ui:edgemax_edgerouter_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix1:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:h:ui:edgemax_edgerouter:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:26

Type Values Removed Values Added
References () https://community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d - Vendor Advisory () https://community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d - Vendor Advisory

Information

Published : 2022-12-05 22:15

Updated : 2024-11-21 07:26


NVD link : CVE-2022-43553

Mitre link : CVE-2022-43553

CVE.ORG link : CVE-2022-43553


JSON object : View

Products Affected

ui

  • edgemax_edgerouter_firmware
  • edgemax_edgerouter
CWE
CWE-250

Execution with Unnecessary Privileges

NVD-CWE-noinfo