CVE-2022-47531

{"id": "CVE-2022-47531", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-12-05T06:15:48.367", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en las versiones 3.x anteriores a 3.25 y 2.x anteriores a 2.16 de Ericsson Evolved Packet Gateway (EPG), que permite a los usuarios autenticados omitir la Interfaz de L\u00ednea de Comandos (CLI) del sistema y ejecutar comandos que est\u00e1n autorizados a ejecutar directamente en el shell de UNIX."}], "lastModified": "2023-12-11T15:35:40.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ericsson:evolved_packet_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83CA9958-EC71-41DB-AB47-0374F7A462CF", "versionEndExcluding": "2.16", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:ericsson:evolved_packet_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39E6AB32-639F-4736-8477-984747638272", "versionEndExcluding": "3.25", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}