CVE-2022-31479

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31479
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.corporate.carrier.com/product-security/advisories-resources/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*
History

29 Jun 2023, 14:43

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-78

17 Jun 2022, 14:11

Type Values Removed Values Added
CPE cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
First Time Hidglobal lp2500 Firmware
Carrier lenels2 S2-lp-1502
Hidglobal ep4502 Firmware
Hidglobal lp1502 Firmware
Carrier lenels2 S2-lp-2500 Firmware
Carrier lenels2 S2-lp-4502 Firmware
Hidglobal lp4502
Hidglobal lp4502 Firmware
Carrier lenels2 Lnl-x2210
Carrier lenels2 Lnl-x4420 Firmware
Hidglobal ep4502
Carrier lenels2 Lnl-4420 Firmware
Hidglobal
Carrier lenels2 Lnl-4420
Carrier lenels2 S2-lp-1501 Firmware
Carrier
Hidglobal lp1501 Firmware
Carrier lenels2 Lnl-x2220 Firmware
Carrier lenels2 Lnl-x3300 Firmware
Hidglobal lp2500
Hidglobal lp1502
Carrier lenels2 Lnl-x2210 Firmware
Carrier lenels2 S2-lp-2500
Carrier lenels2 Lnl-x2220
Carrier lenels2 S2-lp-1502 Firmware
Hidglobal lp1501
Carrier lenels2 S2-lp-4502
Carrier lenels2 Lnl-x3300
Carrier lenels2 S2-lp-1501
Carrier lenels2 Lnl-x4420
CVSS v2 : unknown
v3 : unknown 		v2 : 10.0
v3 : 9.8
References (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory
CWE NVD-CWE-noinfo

06 Jun 2022, 17:39

Type Values Removed Values Added
New CVE
Information

Published : 2022-06-06 17:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-31479

Mitre link : CVE-2022-31479

CVE.ORG link : CVE-2022-31479

JSON object : View

Products Affected

carrier

  • lenels2_s2-lp-4502
  • lenels2_s2-lp-1502
  • lenels2_lnl-4420_firmware
  • lenels2_s2-lp-1502_firmware
  • lenels2_lnl-x2210
  • lenels2_lnl-4420
  • lenels2_lnl-x2220
  • lenels2_lnl-x3300_firmware
  • lenels2_lnl-x2220_firmware
  • lenels2_lnl-x2210_firmware
  • lenels2_lnl-x4420
  • lenels2_s2-lp-1501
  • lenels2_s2-lp-2500
  • lenels2_lnl-x3300
  • lenels2_s2-lp-2500_firmware
  • lenels2_lnl-x4420_firmware
  • lenels2_s2-lp-1501_firmware
  • lenels2_s2-lp-4502_firmware

hidglobal

  • lp1502
  • lp2500
  • lp4502_firmware
  • ep4502_firmware
  • lp4502
  • lp1502_firmware
  • lp1501
  • lp1501_firmware
  • lp2500_firmware
  • ep4502
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-693

Protection Mechanism Failure