CVE-2022-31483

06.06.2022, 17:15

An authenticated attacker can upload a file with a filename including .. and / to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Carrier	CNA	9.1 CRITICAL	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Vendor	Product	Version
hidglobal	lp1501_firmware	𝑥 < 1.271
hidglobal	lp1502_firmware	𝑥 < 1.271
hidglobal	lp2500_firmware	𝑥 < 1.271
hidglobal	lp4502_firmware	𝑥 < 1.271
hidglobal	ep4502_firmware	𝑥 < 1.271
carrier	lenels2_lnl-4420_firmware	𝑥 < 1.271
carrier	lenels2_lnl-x2210_firmware	𝑥 < 1.271
carrier	lenels2_lnl-x2220_firmware	𝑥 < 1.271
carrier	lenels2_lnl-x3300_firmware	𝑥 < 1.271
carrier	lenels2_lnl-x4420_firmware	𝑥 < 1.271
carrier	lenels2_s2-lp-1501_firmware	𝑥 < 1.271
carrier	lenels2_s2-lp-1502_firmware	𝑥 < 1.271
carrier	lenels2_s2-lp-2500_firmware	𝑥 < 1.271
carrier	lenels2_s2-lp-4502_firmware	𝑥 < 1.271

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://www.corporate.carrier.com/product-security/advisories-resources/