CVE-2022-40995

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description The issue is related to stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The buffer overflow is in the function that manages the firmwall command template, which includes parameters such as srcmac, srcip, dstip, protocol, srcport, dstport, policy, and description.

Recommendations For Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020, as a temporary workaround, consider restricting access to the firmwall command template until a patch is available. Avoid using the firmwall command with specially-crafted network packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.