Multiple vulnerabilities in Oracle Communications Network Charging and Control
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-41881 CVE-2023-25194 CVE-2022-1471 |
| CWE-ID | CWE-835 CWE-502 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Oracle Communications Network Charging and Control Other software / Other software solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Infinite loop
EUVDB-ID: #VU70118
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41881
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the HaProxyMessageDecoder when parsing a TLV with type of "PP2_TYPE_SSL". A remote attacker can pass a specially crafted message to consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Network Charging and Control: 12.0.6.0.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujul2023.html?3209
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Deserialization of Untrusted Data
EUVDB-ID: #VU72123
Risk: Low
CVSSv4.0: 7.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2023-25194
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to Apache Kafka Connect performs deserialization of data retrieved from the configured LDAP server in "com.sun.security.auth.module.JndiLoginModule". A remote user ability to create/modify connectors on the server with an arbitrary Kafka client SASL JAAS config can configure the server to connect to a malicious LDAP server and execute arbitrary Java code on the system.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Network Charging and Control: 12.0.3.0.0 - 12.0.6.0.0
CPE2.3- cpe:2.3:a:oracle:oracle_communications_network_charging_and_control:12.0.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_communications_network_charging_and_control:12.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2023.html?3209
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
3) Deserialization of Untrusted Data
EUVDB-ID: #VU70385
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2022-1471
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Network Charging and Control: 12.0.6.0.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujul2023.html?3209
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
