SB2023011771 - Multiple vulnerabilities in Communications Unified Assurance

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023011771

SB2023011771 - Multiple vulnerabilities in Communications Unified Assurance

Published: January 17, 2023 Updated: March 25, 2025

Security Bulletin ID SB2023011771
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2022-36055)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect resource management within the strvals package, responsible for converting strings into Go structures. A remote attacker can pass specially crafted input to the application and consume all available memory on the system.


2) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42003)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure input validation when processing serialized data when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.


3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-42252)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers via an invalid Content-Length header.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks but requires Tomcat to be configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (not the default configuration).


4) Path traversal (CVE-ID: CVE-2022-41720)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to the way os.DirFS function and http.Dir type handle empty values on Windows, allowing an attacker with control over the path to view arbitrary files on the system.


5) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-16156)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect processing of signed code. A remote attacker trick the victim into downloading a malicious file, bypass signature verification procedure and compromise the affected system.


6) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-32212)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to IsIPAddress does not properly checks if an IP address is invalid or not. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.


7) Integer overflow (CVE-ID: CVE-2022-37454)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the Keccak XKCP SHA-3 reference implementation. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system or eliminate expected cryptographic properties.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Improper Authorization (CVE-ID: CVE-2022-22978)

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to input validation error when processing untrusted input in applications that are using RegexRequestMatcher with `.` in the regular expression. A remote non-authenticated attacker can bypass authorization checks.


9) Deserialization of Untrusted Data (CVE-ID: CVE-2019-17571)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the SocketServer class in Log4j. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system,  if these is a deserialization gadget listening to untrusted network traffic for log data.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Code Injection (CVE-ID: CVE-2022-42889)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an insecure variable interpolation when processing untrusted input. A remote attacker can send a specially crafted input and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability was dubbed Text4shell.


Remediation

Install update from vendor's website.

References