Vulnerabilities > CVE-2022-41027 - Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
siretta
CWE-787

Summary

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template.

Vulnerable Configurations

Part Description Count
OS
Siretta
1
Hardware
Siretta
1

Common Weakness Enumeration (CWE)