CVE-2022-43553

Summary

A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.

Affected Software

VendorProductVersion RangeStatus
n/aEdgeMAX EdgeRouterFixed Version: 2.0.9-hotfix.5 or later.affected

Weaknesses

  • CWE-250: Execution with Unnecessary Privileges (CWE-250)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References