CVE-2022-31808

Summary

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface.

This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Affected Software

VendorProductVersion RangeStatus
SiemensSiPass integrated AC5102 (ACC-G2)All versions < V2.85.44affected
SiemensSiPass integrated ACC-APAll versions < V2.85.43affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References