CVE-2022-25218

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to K2 22.5.9.163 OpenSSL versions prior to K3C 32.1.15.93

Description The issue allows an unauthenticated attacker on the local area network to gain control over the plaintext to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA public decrypt() function. This is due to the use of the RSA algorithm without OAEP or any other padding scheme in telnetd startup. The attacker can manipulate the telnetd startup state machine and obtain a root shell on the device by exchanging crafted UDP packets.

Recommendations For versions prior to K2 22.5.9.163, update to version K2 22.5.9.163 or later to resolve the issue. For versions prior to K3C 32.1.15.93, update to version K3C 32.1.15.93 or later to resolve the issue. As a temporary workaround, consider restricting access to the telnetd startup function until a patch is available.