PT-2023-25054 · H3C · H3C Magic B1St
Chrisl0Tus
·
Publicado
2023-06-26
·
Atualizado
2023-07-07
·
CVE-2023-34924
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
H3C Magic B1STW version B1STV100R012
Description
The issue is related to a stack overflow via the function SetAPInfoById, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request.
Recommendations
For version B1STV100R012, consider disabling the SetAPInfoById function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the vulnerable function in the affected API endpoint until the issue is resolved.
Exploit
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
H3C Magic B1St