CVE-2022-41004

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. These vulnerabilities can be triggered by a specially-crafted network packet, potentially leading to arbitrary command execution. An attacker can exploit this by sending a sequence of requests. The buffer overflow is specifically located in the function managing the no ip nat outside source command template, which includes parameters such as udp|tcp|all, WORD|null, and A.B.C.D.

Recommendations For Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020, as a temporary workaround, consider restricting access to the DetranCLI command parsing functionality to minimize the risk of exploitation. Avoid using the no ip nat outside source command template until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.