SB2023013041 - Multiple vulnerabilities in Siretta QUARTZ-GOLD
Published: January 30, 2023 Updated: January 31, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 62 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2022-38088)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the httpd downfile.cgi functionality. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.
2) Stack-based buffer overflow (CVE-ID: CVE-2022-40986)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the ddnsX mx. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Stack-based buffer overflow (CVE-ID: CVE-2022-40998)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no gre index. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2022-41012)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no schedule link1. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2022-41008)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no port redirect protocol. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2022-40990)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no bandwidth. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2022-41017)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn basic protocol with localip. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2022-41018)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn basic protocol with localip. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Stack-based buffer overflow (CVE-ID: CVE-2022-41022)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn l2tp advanced name with options. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Stack-based buffer overflow (CVE-ID: CVE-2022-41024)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn pptp advanced name. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) OS Command Injection (CVE-ID: CVE-2022-40969)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the httpd delfile.cgi functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Path traversal (CVE-ID: CVE-2022-41154)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the m2m DELETE_FILE cmd functionality. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
13) Path traversal (CVE-ID: CVE-2022-39045)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the httpd upload.cgi functionality. A remote administrator can send a specially crafted HTTP request and upload arbitrary files on the system.
14) Stack-based buffer overflow (CVE-ID: CVE-2022-38459)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd downfile.cgi functionality. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Heap-based buffer overflow (CVE-ID: CVE-2022-41991)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the m2m DELETE_FILE cmd functionality. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) OS Command Injection (CVE-ID: CVE-2022-40222)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the m2m DELETE_FILE cmd functionality. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Active Debug Code (CVE-ID: CVE-2022-38715)
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to active debug code issue in the httpd shell.cgi functionality. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.
18) Path traversal (CVE-ID: CVE-2022-40701)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the httpd delfile.cgi functionality. A remote administrator can send a specially crafted HTTP request and delete arbitrary files on the system.
19) Stack-based buffer overflow (CVE-ID: CVE-2022-36279)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd delfile.cgi functionality. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) OS Command Injection (CVE-ID: CVE-2022-38066)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the httpd SNMP functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) OS Command Injection (CVE-ID: CVE-2022-42493)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the m2m binary in the "DOWNLOAD_INFO" command. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) OS Command Injection (CVE-ID: CVE-2022-42492)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the m2m binary in the "DOWNLOAD_AD" command. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) OS Command Injection (CVE-ID: CVE-2022-42490)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the m2m binary in the "DOWNLOAD_CFG_FILE" command. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) OS Command Injection (CVE-ID: CVE-2022-42491)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the m2m binary in the "M2M_CONFIG_SET" command. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) OS Command Injection (CVE-ID: CVE-2022-40220)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the httpd txt/restore.cgi functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Stack-based buffer overflow (CVE-ID: CVE-2022-40994)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no firmwall keyword. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Stack-based buffer overflow (CVE-ID: CVE-2022-41028)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn schedule name1. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Stack-based buffer overflow (CVE-ID: CVE-2022-41023)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn pptp advanced name. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Stack-based buffer overflow (CVE-ID: CVE-2022-40988)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the ipv6 static dns. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Stack-based buffer overflow (CVE-ID: CVE-2022-41007)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the port redirect protocol. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Stack-based buffer overflow (CVE-ID: CVE-2022-41025)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn pptp advanced name with options. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Stack-based buffer overflow (CVE-ID: CVE-2022-41011)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the schedule link1. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Stack-based buffer overflow (CVE-ID: CVE-2022-40999)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the gre index with keepalive. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Stack-based buffer overflow (CVE-ID: CVE-2022-40997)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the gre index. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Stack-based buffer overflow (CVE-ID: CVE-2022-41010)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no port triger protocol. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
36) Stack-based buffer overflow (CVE-ID: CVE-2022-40993)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the firmwall keyword. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) Stack-based buffer overflow (CVE-ID: CVE-2022-41013)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the static dhcp mac. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Stack-based buffer overflow (CVE-ID: CVE-2022-40992)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no firmwall domain. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Stack-based buffer overflow (CVE-ID: CVE-2022-40989)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the bandwidth. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
40) Stack-based buffer overflow (CVE-ID: CVE-2022-40995)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the firmwall srcmac. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) Stack-based buffer overflow (CVE-ID: CVE-2022-41014)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no static dhcp mac. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Stack-based buffer overflow (CVE-ID: CVE-2022-41006)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no ip static route. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Stack-based buffer overflow (CVE-ID: CVE-2022-41019)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn l2tp advanced name. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Stack-based buffer overflow (CVE-ID: CVE-2022-41015)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn basic protocol. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
45) Stack-based buffer overflow (CVE-ID: CVE-2022-40996)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no firmwall srcmac. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
46) Stack-based buffer overflow (CVE-ID: CVE-2022-41029)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the wlan filter mac address. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Stack-based buffer overflow (CVE-ID: CVE-2022-40991)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the firmwall domain. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Stack-based buffer overflow (CVE-ID: CVE-2022-41027)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn schedule name1. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
49) Stack-based buffer overflow (CVE-ID: CVE-2022-41009)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the port triger protocol. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
50) Stack-based buffer overflow (CVE-ID: CVE-2022-41020)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn l2tp advanced name. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
51) Stack-based buffer overflow (CVE-ID: CVE-2022-40985)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the ddnsX hostname. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
52) Stack-based buffer overflow (CVE-ID: CVE-2022-41005)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the ip static route. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
53) Stack-based buffer overflow (CVE-ID: CVE-2022-41030)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no wlan filter mac address. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
54) Stack-based buffer overflow (CVE-ID: CVE-2022-41021)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the vpn l2tp advanced name with options. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
55) Stack-based buffer overflow (CVE-ID: CVE-2022-41001)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the icmp check link. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
56) Stack-based buffer overflow (CVE-ID: CVE-2022-41002)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no icmp check link. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
57) Stack-based buffer overflow (CVE-ID: CVE-2022-41026)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn pptp advanced name with options. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
58) Stack-based buffer overflow (CVE-ID: CVE-2022-40987)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the ddnsX username. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
59) Stack-based buffer overflow (CVE-ID: CVE-2022-41000)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no gre index with keepalive. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
60) Stack-based buffer overflow (CVE-ID: CVE-2022-41004)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no ip nat outside source. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
61) Stack-based buffer overflow (CVE-ID: CVE-2022-41016)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the no vpn basic protocol. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
62) Stack-based buffer overflow (CVE-ID: CVE-2022-41003)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DetranCLI command parsing functionality in the function that manages the ip nat outside source. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1609
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1613
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1607
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1637
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1611
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1608
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1639
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1638
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1610
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1606
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1605
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1615
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1640
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1612