SB2022081917 - Input validation error in IBM System Storage TS4500 Tape Library
Published: August 19, 2022
Security Bulletin ID
SB2022081917
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2021-25217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to insufficient validation of options data stored in DHCP leases. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information.
Both dhcpd and dhclient are affected by the vulnerability.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ts4500-is-affected-by-cve-2021-25217/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ts4500-is-affected-by-cve-2021-25217/</a><br><a
- https://www.ibm.com/support/pages/node/6498095"
- https://www.ibm.com/support/pages/node/6498095</a><br><br><br></p>