2023-02-06 22:52:55
rapid7
PUBLISHED
Because the web management interface for Unified Intents Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attackers choosing.