Vulnerabilities > CVE-2020-7465 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mpd-project

stormshield

CWE-787

critical

NVD

Published: 2020-10-06

Updated: 2023-07-19

Summary

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

Vulnerable Configurations

Part	Description	Count
Application	Mpd_Project MPD Project MPD - MPD Project MPD 3.18 MPD Project MPD 4.0 MPD Project MPD 4.1 MPD Project MPD 4.2 MPD Project MPD 4.2.1 MPD Project MPD 4.2.2 MPD Project MPD 4.3 MPD Project MPD 4.4 MPD Project MPD 4.4.1 MPD Project MPD 5.0 MPD Project MPD 5.1 MPD Project MPD 5.2 MPD Project MPD 5.3 MPD Project MPD 5.4 MPD Project MPD 5.5 MPD Project MPD 5.6 MPD Project MPD 5.7 MPD Project MPD 5.8	30
Application	Stormshield Stormshield Stormshield Network Security 4.0.0 Stormshield Stormshield Network Security 4.0.1 Stormshield Stormshield Network Security 4.3.12.1 Stormshield Stormshield Network Security 4.3.14 Stormshield Stormshield Network Security 4.3.15 Stormshield Stormshield Network Security 4.4.0	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References