{

"data_version": "4.0",

"data_type": "CVE",

"data_format": "MITRE",

"CVE_data_meta": {

"ID": "CVE-2022-41010",

"ASSIGNER": "[email protected]",

"STATE": "PUBLIC"

},

"description": {

"description_data": [

{

"lang": "eng",

"value": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template."

}

]

},

"problemtype": {

"problemtype_data": [

{

"description": [

{

"lang": "eng",

"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",

"cweId": "CWE-120"

}

]

}

]

},

"affects": {

"vendor": {

"vendor_data": [

{

"vendor_name": "Siretta",

"product": {

"product_data": [

{

"product_name": "QUARTZ-GOLD",

"version": {

"version_data": [

{

"version_value": "G5.0.1.5-210720-141020",

"version_affected": "="

}

]

}

}

]

}

}

]

}

},

"references": {

"reference_data": [

{

"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613",

"refsource": "MISC",

"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613"

}

]

},

"impact": {

"cvss": [

{

"version": "3.0",

"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",

"attackVector": "NETWORK",

"attackComplexity": "LOW",

"privilegesRequired": "HIGH",

"userInteraction": "NONE",

"scope": "UNCHANGED",

"confidentialityImpact": "HIGH",

"integrityImpact": "HIGH",

"availabilityImpact": "HIGH",

"baseScore": 7.2,

"baseSeverity": "HIGH"

}

]

}

}