CVE-2022-22805 An attack could occur when an improperly handled TLS packet is reassembled and executed.

CVE-2022-22805 An attack could occur when an improperly handled TLS packet is reassembled and executed.

When a firmware is installed on a SmartConnect Family UPS, it checks the size of the received data. If the received data is larger than the buffer size, the received data will be reassembled and the size will be checked again. An attacker could send a carefully-crafted packet that would cause the data to be reassembled, then cause the data to be reassembled on the second pass, resulting in remote code execution. SmartConnect UPS firmware versions prior to 01.19 have been Vulnerable. Remote Code Execution vulnerability CVE-2019-11478 has been assigned to this vulnerability. More details about this vulnerability can be found at: https://www.cvedetails.com/vulnerability-details/XSA-19-03. More information about this vulnerability can be found in advisory XSA-19 at: https://www.cvedetails.com/advisories/XSA-19. ******************

Solution and Workaround

A new firmware version has been released to address the vulnerability. The company is also releasing a new web service to allow customers to check their firmware versions and identify if they are at risk.
If you use SmartConnect Family UPS that supports Smart Connect, your product is not vulnerable to this issue.

Vulnerability Synopsis

When a firmware is installed on a SmartConnect Family UPS, it checks the size of the received data. If the received data is larger than the buffer size, the received data will be reassembled and the size will be checked again. An attacker could send a carefully-crafted packet that would cause the data to be reassembled, then cause the data to be reassembled on the second pass, resulting in remote code execution. SmartConnect UPS firmware versions prior to 01.19 have been Vulnerable. Remote Code Execution vulnerability CVE-2019-11478 has been assigned to this vulnerability. More details about this vulnerability can be found at: https://www.cvedetails.com/vulnerability-details/XSA-19-03. More information about this vulnerability can be found in advisory XSA-19 at: https://www.cvedetails.com/advisories/XSA-19

Vulnerable firmware versions

SmartConnect UPC firmware versions prior to 01.19 have been Vulnerable. Remote Code Execution vulnerability CVE-2019-11478 has been assigned to this vulnerability. More details about this vulnerability can be found at: https://www.cvedetails.com/vulnerability-details/XSA-19-03. More information about this vulnerability can be found in advisory XSA-19 at: https://www.cvedetails.com/advisories/XSA-19. ******************

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe