CVE-2022-41001

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The flaw is located in the function handling the icmp check link WORD destination WORD interval <1-255> retries <1-255> description (WORD|null) command template. Improper bounds checking during sprintf operations leads to a buffer overflow when parsing user-supplied parameters [1].

Exploitation

An attacker with high privileges can send a specially-crafted sequence of network packets to the device, triggering the buffer overflow in the DetranCLI parsing routine. The attacker does not require user interaction, and the attack can be carried out over the network, as indicated by the CVSS vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)[1].

Impact

Successful exploitation allows arbitrary command execution on the device at a high privilege level. The attacker can fully compromise confidentiality, integrity, and availability of the affected system, potentially leading to complete control of the router and lateral movement within the network [1].

Mitigation

As of the publication date of TALOS-2022-1613, no official patch or workaround has been released by Siretta for this vulnerability. Users should monitor vendor advisories and consider restricting access to the DetranCLI interface to trusted administrators only [1].