Apache · Apache Cloudstack · CVE-2019-17562
**Name of the Vulnerable Software and Affected Versions**
Apache CloudStack versions prior to 4.13.1
**Description**
The advisory describes the flaw as a buffer overflow, but the behaviour it reports is shell command injection: the baremetal virtual router (v-router) component does not validate the `mac` parameter of its provisioning endpoint, so a value containing shell metacharacters is passed through to a command that the v-router executes. A normal provisioning callback has the form "http://{GW}:10086/baremetal/provisiondone/{mac}"; an attacker who can reach TCP port 10086 on the router instead sends "http://{GW}:10086/baremetal/provisiondone/#';whoami;#". The `'` closes the quoted argument the MAC was meant to fill, `;whoami;` runs as a separate command with the privileges of the v-router process, and the trailing `#` comments out the remainder of the original command line so it does not fail the request.
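The following is an added illustration of the pattern described above and of the fix a practitioner would apply; it is stand-in code written for this page, not CloudStack's baremetal-vr source. The request path, the `sed` command, the `/tmp/dhcphosts.txt` file, and the use of `echo INJECTED` in place of `whoami` are all assumptions chosen to make the example runnable offline. The vulnerable function pastes the `mac` segment into a shell string; the hardened one validates it against a strict MAC pattern and builds an argv list so the shell never parses the value.

```python
"""Command injection via an unvalidated MAC path parameter, and a hardened
replacement. Illustrative code, not the CloudStack project's own source."""
import re
import subprocess

PREFIX = "/baremetal/provisiondone/"
# Strict MAC format: six colon-separated lowercase hex octets, nothing else.
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# Hypothetical file the router edits once a host reports provisioning done.
HOSTS_FILE = "/tmp/dhcphosts.txt"


def mac_from_path(path: str) -> str:
    """Return the {mac} segment of /baremetal/provisiondone/{mac}."""
    if not path.startswith(PREFIX):
        raise ValueError("unexpected path: %r" % path)
    return path[len(PREFIX):]


def vulnerable_provision_done(path: str) -> str:
    """Vulnerable pattern: the untrusted segment is interpolated into a shell
    command string. Single quotes do not protect it, because the attacker's
    value simply closes the quote. Returns whatever the shell printed."""
    mac = mac_from_path(path)
    cmd = "sed -i '/%s/d' %s" % (mac, HOSTS_FILE)
    proc = subprocess.run(
        ["sh", "-c", cmd],
        stdin=subprocess.DEVNULL,
        capture_output=True,
        text=True,
    )
    return proc.stdout


def hardened_provision_done(path: str) -> list:
    """Hardened pattern: reject anything that is not a well-formed MAC, then
    build an argv list so the value can only ever be one argument to sed.
    Returns the argv that would be executed (execution omitted here)."""
    mac = mac_from_path(path).lower()
    if not MAC_RE.match(mac):
        raise ValueError("rejected MAC value: %r" % mac)
    return ["sed", "-i", "/%s/d" % mac, HOSTS_FILE]


def is_accepted(path: str) -> bool:
    """True if the hardened handler would act on this request."""
    try:
        hardened_provision_done(path)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    benign = PREFIX + "52:54:00:ab:cd:ef"
    # Same shape as the advisory's payload, with a harmless marker in place of whoami.
    payload = PREFIX + "#';echo INJECTED;#"
    print(vulnerable_provision_done(payload).strip())
    print(hardened_provision_done(benign))
    print(is_accepted(payload))
```

Running the vulnerable handler with the payload prints the marker because `sh` executes `sed -i '/#'`, then `echo INJECTED`, then treats the rest of the line as a comment; the hardened handler rejects the same request before any command is built. Both defences matter: the allow-list stops malformed input at the boundary, and the argv form removes the shell parser even if validation is later loosened.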
**Recommendations**
For all versions prior to 4.13.1, upgrade to Apache CloudStack 4.13.1.0 or later, which adds validation of the `mac` parameter. Until the upgrade can be applied, restrict network access to the baremetal provisioning endpoint on the virtual router (the service on TCP port 10086 shown above) so that only the baremetal hosts being provisioned can reach it, since any host able to connect to that port can submit a crafted `mac` value.