CVE-2022-3086

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable 
to shell escape, which enables local attackers with non-superuser 
credentials to gain full, unrestrictive shell access which may allow an 
attacker to execute arbitrary code.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
icscertCNA
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
moxauc-8580-t-lx_firmware
1.1
moxauc-8580-t-ct-lx_firmware
1.1
moxauc-8580-t-q-lx_firmware
1.1
moxauc-8580-t-ct-q-lx_firmware
1.1
moxauc-8580-q-lx_firmware
1.1
moxauc-8580-lx_firmware
1.1
moxauc-8540-lx_firmware
1.0 ≤
𝑥
≤ 1.2
moxauc-8540-t-ct-lx_firmware
1.0 ≤
𝑥
≤ 1.2
moxauc-8540-t-lx_firmware
1.0 ≤
𝑥
≤ 1.2
moxauc-8410a-lx_firmware
2.2
moxauc-8410a-nw-lx_firmware
2.2
moxauc-8410a-nw-t-lx_firmware
2.2
moxauc-8410a-t-lx_firmware
2.2
moxauc-8210-t-lx-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx-us-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx-eu-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx-ap-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8112a-me-t-lx_firmware
1.0
moxauc-8112a-me-t-lx_firmware
1.1
moxauc-8131-lx_firmware
1.2
moxauc-8131-lx_firmware
1.3
moxauc-8132-lx_firmware
1.2
moxauc-8132-lx_firmware
1.3
moxauc-8162-lx_firmware
1.2
moxauc-8162-lx_firmware
1.3
moxauc-8112-lx_firmware
1.2
moxauc-8112-lx_firmware
1.3
moxauc-5101-lx_firmware
1.2
moxauc-5101-t-lx_firmware
1.2
moxauc-5102-lx_firmware
1.2
moxauc-5102-t-lx_firmware
1.2
moxauc-5111-lx_firmware
1.2
moxauc-5111-t-lx_firmware
1.2
moxauc-5112-lx_firmware
1.2
moxauc-5112-t-lx_firmware
1.2
moxauc-3101-t-ap-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3101-t-eu-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3101-t-us-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-ap-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-ap-lx-nw_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-eu-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-eu-lx-nw_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-us-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-us-lx-nw_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3121-t-ap-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3121-t-eu-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3121-t-us-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-2101-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2102-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2104-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2111-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2112-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2114-t-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2114-t-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2116-t-lx_firmware
1.3 ≤
𝑥
≤ 1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02