Arbitrary code execution - CVE-2016-6441
Published: November 2, 2016 / Updated: November 3, 2016
Vulnerability identifier: #VU1143
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2016-6441
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to improper input validation. By sending a specially crafted request to the Transaction Language 1 (TL1) port of the target device, a remote attacker can trigger a buffer overflow, which allows the attacker to execute arbitrary code and reload the affected device.
Successful exploitation of the vulnerability may result in arbitrary code execution or partial denial of service.
How to mitigate CVE-2016-6441
Update to version 3.17.3S or 3.18.2S [November 30, 2016].