Multiple Avaya switches buffer overflow | CVE-2022-29861
NAME
Multiple Avaya switches buffer overflow
- Platforms Affected:
Avaya ERS3500 Series
Avaya ERS3600 Series
Avaya ERS4900 Series
Avaya ERS5900 Series - Risk Level:
9.8 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Multiple Avaya switches is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when handing multipart form data combined with a string that is not null-terminated. By sending specially-crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the switch.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Aruba switches, available from the Aruba Web site. See References.
- Reference Link:
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/ - Reference Link:
https://www.avaya.com/en/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.