CVE-2022-3229
Published: 06 February 2023
Summary
CVE-2022-3229 is a critical-severity Improper Authorization (CWE-285) vulnerability in Unifiedremote Unified Remote. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The vulnerability affects the web management interface of Unified Intents' Unified Remote solution. Because the interface does not require authentication, an unauthenticated remote attacker can modify or disable authentication requirements on the Unified Remote protocol itself, ultimately enabling arbitrary code execution on the affected system. The issue is tracked as CVE-2022-3229 with a CVSS 3.1 base score of 9.8 and is associated with improper authorization and missing authentication weaknesses (CWE-285 and CWE-306).
A remote attacker with no credentials can directly target the web interface over the network to alter protocol authentication settings and then execute attacker-supplied code. This scenario requires no user interaction and results in full confidentiality, integrity, and availability impact once the protocol is left unauthenticated.
The EPSS score for the vulnerability rose from a low baseline to a peak of 0.8873 on 2025-12-11 before receding to the current value of 0.7219, indicating that exploitation interest increased substantially after public disclosure. Public references consist of Metasploit Framework pull requests that add an exploit module for the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42640
Vulnerability details
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.
Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.
Ensures authorization decisions are always performed by a complete and analyzable reference monitor.
Auditing session actions allows identification of improper authorization decisions and enforcement failures.
The process verifies authorization mechanisms function as intended before system approval.
By limiting enabled features to only those needed, the control strengthens authorization by removing opportunities for unauthorized use of excess functionality.
Dedicated authorization servers support policy-based decisions, mitigating improper authorization.
Protecting the shutoff from unauthorized activation enforces proper authorization for this critical operation.