L2TP & PPP protocols causing an Mpd5 crash
Vulnerability details
PPP and L2TP protocol implementation are subject to a memory corruption vulnerability that could lead to a crash of Mpd5 daemon. It could also lead to a potential RCE in the case of L2TP.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
04/11/2023 |
Reserved Publication |
v2 |
05/25/2023 |
Updated and disclosed |
Stormshield Network Security |
CVSS v3.1 Overall Score: 3 
|
Analysis
|
Impacted version
|
An attacker needs to inject crafted packets between dial-in and dial-out in order to trigger a crash of Mpd5 daemon or an RCE. In the case of PPP the crafted message is an authentication message and in the case of L2TP it’s a control packet.
|
- SNS 4.0.0 to 4.3.16
- SNS 4.4.0 to 4.5.0
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The following versions fix this vulnerability
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Adjacent Network |
High |
None |
None |
Unchanged |
None |
Low |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Reasonable |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
Low |
Low |
Medium |