CVE-2022-47210

Description

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.

References

https://www.tenable.com/security/research/tra-2022-37

Details