PT-2022-2388 — Heap Based Buffer Overflow in Avaya Avaya Ers4900+3

PT-2022-2388 · Avaya · Avaya Ers4900+3

Published

2022-05-03

Updated

2022-05-03

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Avaya ERS3500, ERS3600, ERS4900, ERS5900 (affected versions not specified)

Description The issue is caused by a buffer overflow in the dynamic memory of the NanoSSL library. It may allow a remote attacker to execute arbitrary code using a specially crafted POST request.

Recommendations For Avaya ERS3500, ERS3600, ERS4900, ERS5900, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

BDU:2022-02757

Affected Products

Avaya Ers3500

Avaya Ers3600

Avaya Ers4900

Avaya Ers5900

PT-2022-2388 · Avaya · Avaya Ers4900+3

Weakness Enumeration

Related Identifiers

Affected Products

References · 3