Vulnerability Description
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mpd Project | Mpd | < 5.9 |
| Stormshield | Stormshield Network Security | >= 4.0.0, < 4.3.17 |
Related Weaknesses (CWE)
References
- https://sourceforge.net/p/mpd/bugs/70/ExploitIssue TrackingThird Party Advisory
- https://sourceforge.net/p/mpd/svn/2377/PatchThird Party Advisory
- https://sourceforge.net/p/mpd/bugs/70/ExploitIssue TrackingThird Party Advisory
- https://sourceforge.net/p/mpd/svn/2377/PatchThird Party Advisory
FAQ
What is CVE-2020-7465?
CVE-2020-7465 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of servic...
How severe is CVE-2020-7465?
CVE-2020-7465 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7465?
Check the references section above for vendor advisories and patch information. Affected products include: Mpd Project Mpd, Stormshield Stormshield Network Security.