CVE-2018-25237: Critical Buffer Overflow in HiSecOS v0-05.3.03
Platform: linux
Component: hirschmann-hisecos
Fixed in: 05.3.03
CVE-2018-25237 represents a buffer overflow vulnerability discovered in Hirschmann HiSecOS devices. This flaw allows a remote attacker to potentially crash the device or, more severely, execute arbitrary code. The vulnerability affects versions 0 through 05.3.03 of HiSecOS, specifically when RADIUS authentication is enabled. A patch is available in version 05.3.03.
How to fix
Upgrade the Hirschmann HiSecOS Classic Firewall device (EAGLE, EAGLE One) to version 05.3.03 or later to mitigate the buffer overflow vulnerability. The update corrects the incorrect password length validation in the HTTPS login interface when RADIUS authentication is used. See the Belden security bulletin for further details and upgrade instructions.
Frequently asked questions
What is CVE-2018-25237?
CVE-2018-25237 is a critical buffer overflow vulnerability in Hirschmann HiSecOS. It occurs when RADIUS authentication is enabled and a password longer than 128 characters is submitted, potentially leading to a denial of service or remote code execution.
Am I affected by CVE-2018-25237?
You are potentially affected if you are using Hirschmann HiSecOS versions 0 through 05.3.03 with RADIUS authentication enabled. Check your device version and upgrade if necessary.
How do I fix CVE-2018-25237?
The vulnerability is fixed in Hirschmann HiSecOS version 05.3.03. Upgrade your device to this version to mitigate the risk.
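The length validation described above, as an added C illustration that is not Hirschmann's code. The function name `radius_prepare_password` is hypothetical, the fixed 128-byte destination is an assumption about how such a login handler might store the password, and the 128-octet limit and 16-octet padding come from the RADIUS User-Password attribute in RFC 2865.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_PW_MAX   128  /* longest User-Password value (RFC 2865, 5.2) */
#define RADIUS_PW_BLOCK 16   /* value is null-padded to a multiple of 16 */

/* Hypothetical helper: copy a login password into a fixed 128-byte field,
 * null-padded for the RADIUS User-Password attribute.
 * Returns the padded length (16..128), or -1 if the input is rejected. */
int radius_prepare_password(const char *pw, size_t pw_len,
                            uint8_t out[RADIUS_PW_MAX])
{
    if (pw == NULL || out == NULL)
        return -1;
    /* The check whose absence produces the overflow: refuse anything
     * longer than the destination before a single byte is copied. */
    if (pw_len > RADIUS_PW_MAX)
        return -1;
    /* An embedded NUL would make strlen()-based code downstream disagree
     * with pw_len, so reject it here. */
    if (memchr(pw, '\0', pw_len) != NULL)
        return -1;

    size_t padded = ((pw_len + RADIUS_PW_BLOCK - 1) / RADIUS_PW_BLOCK)
                    * RADIUS_PW_BLOCK;
    if (padded == 0)
        padded = RADIUS_PW_BLOCK;  /* empty password still fills one block */

    memset(out, 0, RADIUS_PW_MAX); /* zero padding, no stale bytes */
    memcpy(out, pw, pw_len);       /* safe: pw_len <= RADIUS_PW_MAX */
    return (int)padded;
}

int main(void)
{
    uint8_t field[RADIUS_PW_MAX];
    char oversized[129];           /* constructed input: 129 characters */
    memset(oversized, 'A', sizeof oversized);

    printf("6 chars   -> %d\n", radius_prepare_password("secret", 6, field));
    printf("128 chars -> %d\n", radius_prepare_password(oversized, 128, field));
    printf("129 chars -> %d\n", radius_prepare_password(oversized, 129, field));
    return 0;
}
```

Rejecting the request at the HTTPS login handler, before the password reaches any RADIUS code, keeps the limit enforced in one place regardless of which authentication backend is configured.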