CVE-2022-41028

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The buffer overflow is in the function that manages the 'no vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template.

Recommendations For version G5.0.1.5-210720-141020, as a temporary workaround, consider disabling the function that manages the no vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null) command template until a patch is available. Restrict access to the DetranCLI command parsing functionality to minimize the risk of exploitation. Avoid using the name1, name2, policy, and description variables in the affected command template until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.