Cyber Resilience

CVE-2022-3229

Critical · Public PoC

Published: 06 February 2023

Modified: 25 March 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7219 (98.8th percentile)
Risk Priority: 63 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-3229 is a critical-severity Improper Authorization (CWE-285) vulnerability in Unifiedremote Unified Remote. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The vulnerability affects the web management interface of Unified Intents' Unified Remote solution. Because the interface does not require authentication, an unauthenticated remote attacker can modify or disable authentication requirements on the Unified Remote protocol itself, ultimately enabling arbitrary code execution on the affected system. The issue is tracked as CVE-2022-3229 with a CVSS 3.1 base score of 9.8 and is associated with two weakness types: improper authorization (CWE-285) and missing authentication for a critical function (CWE-306).

A remote attacker with no credentials can directly target the web interface over the network to alter protocol authentication settings and then execute attacker-supplied code. This scenario requires no user interaction and grants full confidentiality, integrity, and availability impact once the protocol is left unauthenticated.

The EPSS score for the vulnerability rose from a low baseline to a peak of 0.8873 on 2025-12-11 before receding to the current value of 0.7219, indicating that exploitation interest increased substantially after public disclosure. Public references consist of Metasploit Framework pull requests that add an exploit module for the issue.

Vulnerability details

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: unifiedremote
Product: unified remote
Affected versions: ≤ 3.11.0.2483

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-306 CWE-285

Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.

addresses: CWE-285 CWE-306

Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.

addresses: CWE-285 CWE-306

Ensures authorization decisions are always performed by a complete and analyzable reference monitor.

addresses: CWE-285 CWE-306

Auditing session actions allows identification of improper authorization decisions and enforcement failures.

addresses: CWE-285 CWE-306

The process verifies authorization mechanisms function as intended before system approval.

addresses: CWE-285 CWE-306

By limiting enabled features to only those needed, the control strengthens authorization by removing opportunities for unauthorized use of excess functionality.

addresses: CWE-285 CWE-306

Dedicated authorization servers support policy-based decisions, mitigating improper authorization.

addresses: CWE-285 CWE-306

Protecting the shutoff from unauthorized activation enforces proper authorization for this critical operation.
