CVE-2024-25656

Name of the Vulnerable Software and Affected Versions AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS

Description The issue is related to improper input validation, which can result in unauthenticated Customer Premises Equipment (CPE) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and affect the entire product.

Recommendations For AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS, consider implementing proper input validation to prevent unauthenticated CPE devices from storing large amounts of data. As a temporary workaround, restrict access to the registration process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.