PT-2022-2385 · Ers4900+3
Published: 2022-05-03 · Updated: 2022-05-04
CVE-2022-29861
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ERS3500 (affected versions not specified)
ERS3600 (affected versions not specified)
ERS4900 (affected versions not specified)
ERS5900 (affected versions not specified)
Description
The issue is related to errors in processing HTTP headers in the firmware of the affected switches. Exploitation of this issue could allow a remote attacker to execute arbitrary code.
Recommendations
For ERS3500, update the firmware to a version that fixes the HTTP header processing errors.
For ERS3600, update the firmware to a version that fixes the HTTP header processing errors.
For ERS4900, update the firmware to a version that fixes the HTTP header processing errors.
For ERS5900, update the firmware to a version that fixes the HTTP header processing errors.
As a temporary workaround, consider restricting access to the HTTP interface of the switches until a patch is available.
Fix
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Ers3500
Ers3600
Ers4900
Ers5900