Описание
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
Ссылки
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.9 (исключая)
cpe:2.3:a:mpd_project:mpd:*:*:*:*:*:*:*:*
Конфигурация 2Версия от 4.0.0 (включая) до 4.3.17 (исключая)
Одно из
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:4.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.0303
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787
CWE-787
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
EPSS
Процентиль: 86%
0.0303
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787
CWE-787