PT-2023-30846 · Siemens · Sinec Ins

Published: 2023-12-12 · Updated: 2023-12-14 · CVE-2023-48428

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2

Description: A vulnerability has been identified in the RADIUS configuration mechanism of SINEC INS, which does not correctly check uploaded certificates. This could allow a malicious admin to upload a crafted certificate, resulting in a denial-of-service condition or potentially allowing commands to be issued at the system level.

Recommendations: For versions prior to V1.0 SP2 Update 2, update to V1.0 SP2 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RADIUS configuration mechanism to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-48428

Affected Products

Sinec Ins