PT-2023-13607 · Siretta · Siretta Quartz-Gold
Francesco Benvenuto · Published 2023-01-26 · Updated 2023-02-02 · CVE-2022-38459
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description
A stack-based buffer overflow exists in the httpd downfile.cgi functionality. An attacker can trigger it by sending a specially crafted HTTP request, potentially leading to remote code execution.
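As an added illustration of the defect class named above (hypothetical code written for this page, not Siretta's firmware): a bounded query-parameter extractor of the kind a downfile.cgi handler would need, which rejects a value longer than its stack buffer instead of copying it unchecked. The parameter name `file`, the buffer size `NAME_MAX` and the sample requests are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 64  /* assumed size of the stack buffer holding the file name */

/* The defect class from the advisory as a hypothetical "before" (not the
 * vendor's code, and not called here): the request value is copied into a
 * fixed-size stack buffer with no length check.
 *     char name[NAME_MAX];
 *     strcpy(name, value);   // a value longer than NAME_MAX-1 overflows name
 */

/* Looks up key in a query string and copies its value into out[]
 * (capacity outsz). Returns 1 on success, 0 when the key is absent or the
 * value would not fit, so nothing is ever written past the buffer.
 * Percent-decoding is deliberately left out of this example. */
int get_cgi_param(const char *query, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = query;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            size_t vlen = strcspn(v, "&");      /* value ends at '&' or NUL */
            if (vlen >= outsz)                  /* would overflow: reject   */
                return 0;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p = strchr(p, '&');                     /* skip to the next pair */
        if (p != NULL)
            p++;
    }
    return 0;
}

/* Constructed oversized request value ("file=" followed by 90 'A's). */
int oversized_value_is_rejected(void)
{
    char query[NAME_MAX + 32];
    char name[NAME_MAX];
    memset(query, 'A', sizeof query - 1);
    query[sizeof query - 1] = '\0';
    memcpy(query, "file=", 5);
    return get_cgi_param(query, "file", name, sizeof name) == 0;
}
```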
Recommendations
For Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020, as a temporary workaround, disable the downfile.cgi functionality and avoid using it until a patch is available, and restrict access to the httpd service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Affected Products
Siretta Quartz-Gold