How severe is CVE-2022-31479?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-31479?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2022-31479

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-693

View all →

Vulnerability Description

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.

CVE-2013-2465

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remot...

CWE-6932013

CVE-2017-3197

CRITICAL

CVSS:9.8(Critical)

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not ...

CWE-6932017

CVE-2017-8864

CRITICAL

CVSS:9.8(Critical)

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demo...

CWE-6932017

CVE-2018-9311

CRITICAL

CVSS:9.8(Critical)

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CWE-6932018

CVE-2018-9318

CRITICAL

CVSS:9.8(Critical)

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CWE-6932018

CVE-2021-27497

CRITICAL

CVSS:9.8(Critical)

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CWE-6932021

CVE-2022-31479

Vulnerability Description

Related Vulnerabilities

CVE-2013-2465

CVE-2017-3197

CVE-2017-8864

CVE-2018-9311

CVE-2018-9318

CVE-2021-27497