CVE-2022-40988

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020

Description The issue is related to stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The buffer overflow is specifically in the function that manages the ipv6 static dns WORD WORD WORD command template.

Recommendations For Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020, consider disabling the function that manages the ipv6 static dns WORD WORD WORD command template until a patch is available. Restrict access to the DetranCLI command parsing functionality to minimize the risk of exploitation. Avoid using the ipv6 static dns WORD WORD WORD command template in the affected functionality until the issue is resolved.