PT-2023-30849 · Siemens · Sinec Ins

Published: 2023-12-12 · Updated: 2023-12-14 · CVE-2023-48430

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2

Description: A vulnerability has been identified in the REST API of affected devices, where it does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API, resulting in an automatic server restart.

Recommendations: For versions prior to V1.0 SP2 Update 2, update to V1.0 SP2 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.

Related Identifiers: CVE-2023-48430

Affected Products: Sinec Ins