CVE-2022-42491

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description The issue concerns OS command injection vulnerabilities in the m2m binary. A specially-crafted network request can lead to arbitrary command execution. An attacker can exploit this by sending a network request to trigger the vulnerabilities, which are reachable through the M2M CONFIG SET command.

Recommendations For Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020, as a temporary workaround, consider restricting access to the M2M CONFIG SET command until a patch is available. Avoid using the M2M CONFIG SET command in the affected m2m binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.