CVE-2022-3086: Cradlepoint NCOS Command Injection

2022-11-18 17:07:34

SUMMARY:

An authenticated local user on NetCloud OS (NCOS) versions before 7.22.70 can run a restricted shell escape sequence using the OpenVPN tunnel feature, which could allow that user to execute code.

Public Disclosure: https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02

Vulnerability Status:

  • NetCloud Manager: Not Affected
  • NetCloud OS: Affected, Patched July 2022 with release 7.22.70