PT-2022-24202 · Cms800+1 · Cms800+1
Published
2022-09-13
·
Updated
2023-07-21
·
CVE-2022-38100
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
CMS800 (affected versions not specified)
CME8000 (affected versions not specified)
Description
The issue arises when the device attempts to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request, causing the entire device to crash and require a physical reboot. Furthermore, a UDP broadcast request could be sent, leading to a mass denial-of-service attack on all devices connected to the same network.
Recommendations
For CMS800, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For CME8000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cme8000
Cms800