PT-2021-11403 · Rostelecom · Rostelecom Cs-C2Shw

Published: 2021-01-25 · Updated: 2021-02-02 · CVE-2020-27541

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Rostelecom CS-C2SHW version 5.0.082.1
Description: The issue is a Denial of Service vulnerability caused by a bug in the AgentGreen service when parsing broadcast discovery UDP packets. If a packet that is too small is sent, the service attempts to allocate a buffer of negative size. As a result, the AgentGreen service will be terminated and restarted later.
Recommendations: For Rostelecom CS-C2SHW version 5.0.082.1, consider disabling the AgentGreen service until a patch is available to prevent potential Denial of Service attacks. Restrict access to the UDP packet parsing functionality to minimize the risk of exploitation. Avoid sending UDP packets of small size to the affected service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
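
The bug class in the description (a buffer size derived from a packet length with no minimum-length check) and the bounds check that prevents it, as an added C illustration. This is not AgentGreen code: the header length `DISC_HDR_LEN`, the packet layout and all function names are assumptions, since the page does not describe the real format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed header length; the real packet layout is not on the page. */
#define DISC_HDR_LEN 16

/* Flawed pattern: payload length computed in a signed int with no minimum
 * check. A datagram shorter than the header yields a negative length. */
int unchecked_payload_len(int datagram_len)
{
    return datagram_len - DISC_HDR_LEN;
}

/* What an allocator taking size_t receives if that length is passed on. */
size_t as_alloc_size(int payload_len)
{
    return (size_t)payload_len;
}

/* Hardened parser: validate the datagram length before any arithmetic.
 * Returns 0 on success (caller frees *payload), -1 if the packet is dropped. */
int parse_discovery(const uint8_t *pkt, size_t pkt_len,
                    uint8_t **payload, size_t *payload_len)
{
    if (pkt == NULL || payload == NULL || payload_len == NULL)
        return -1;
    *payload = NULL;
    *payload_len = 0;
    if (pkt_len < DISC_HDR_LEN)          /* truncated datagram: drop it */
        return -1;
    size_t n = pkt_len - DISC_HDR_LEN;   /* cannot wrap after the check */
    if (n == 0)
        return 0;                        /* header only, nothing to copy */
    uint8_t *buf = malloc(n);
    if (buf == NULL)
        return -1;
    memcpy(buf, pkt + DISC_HDR_LEN, n);
    *payload = buf;
    *payload_len = n;
    return 0;
}

int main(void)
{
    int bad = unchecked_payload_len(4);  /* constructed 4-byte datagram */
    printf("unchecked length %d -> alloc size %zu\n", bad, as_alloc_size(bad));
    return 0;
}
```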

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-27541

Affected Products

Rostelecom Cs-C2Shw