CVE-2026-22321

{"id": "CVE-2026-22321", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-18T08:16:29.527", "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-104", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low\u2011severity availability disruption."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en la rutina de inicio de sesi\u00f3n CLI de Telnet/SSH del dispositivo ocurre cuando un atacante no autenticado env\u00eda una entrada de nombre de usuario sobredimensionada o inesperada. Una condici\u00f3n de desbordamiento bloquea el hilo que maneja el intento de inicio de sesi\u00f3n, forzando el cierre de la sesi\u00f3n. Debido a que otras sesiones CLI no se ven afectadas, el impacto se limita a una interrupci\u00f3n de disponibilidad de baja gravedad."}], "lastModified": "2026-03-18T14:52:44.227", "sourceIdentifier": "info@cert.vde.com"}