PT-2019-5786 · Cdata · Cdata

Alexandre Torres

Published

2019-12-27

Updated

2021-03-11

CVE-2020-29057

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions CDATA devices versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000

Description The issue allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, also known as a "shawarma" attack. It is related to incorrect resource release.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the telnet server on port 23 to minimize the risk of exploitation.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2021-02149

CVE-2020-29057

Affected Products

Cdata

PT-2019-5786 · Cdata · Cdata

CVE-2020-29057

Weakness Enumeration

Related Identifiers

Affected Products

References · 7