Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities

TALOS

Tuesday, November 22, 2022 10:11

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter.

Callback Technologies has a CBFS file storage solution for use in customizing data persistence on devices. To accompany this, their CBFS Filter manages this file storage solution, allowing users to create filter and access rules, modify and encrypt data, etc.

Talos has identified three null pointer dereference vulnerabilities in CBFS Filter:

TALOS-2022-1647 (CVE-2022-43588)

TALOS-2022-1648 (CVE-2022-43589)

TALOS-2022-1649 (CVE-2022-43590)

A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger these vulnerabilities.

Cisco Talos worked with Callback Technologies to ensure that these issues were resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update this affected product as soon as possible: Callback Technologies CBFS Filter 20.0.8317. Talos tested and confirmed that this version of CBFS Filter can be exploited through these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 60811-60812, 60807-60808, 60809-60810. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
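
To confirm that a sensor actually has the rules listed above present and enabled, the following added example (not code from Talos or Callback Technologies) scans the text of a Snort rules file for SIDs 60807 through 60812. It assumes disabled rules are commented out with a leading "#"; the function names and the sample rules are constructed for illustration.

```python
import re

# SID ranges quoted in the advisory text above (inclusive).
ADVISORY_SID_RANGES = [(60811, 60812), (60807, 60808), (60809, 60810)]

# A rule line: optional leading '#' (assumed to mean "disabled"), an action
# keyword, then an option block that contains "sid:<number>;".
RULE_RE = re.compile(
    r"^\s*(?P<off>#\s*)?(?:alert|drop|block|log|pass|reject|sdrop)\b"
    r".*?\bsid\s*:\s*(?P<sid>\d+)\s*;"
)


def expected_sids(ranges=ADVISORY_SID_RANGES):
    """Expand inclusive (first, last) ranges into a sorted list of SIDs."""
    return sorted(s for lo, hi in ranges for s in range(lo, hi + 1))


def sid_coverage(rules_text, ranges=ADVISORY_SID_RANGES):
    """Return {sid: 'enabled' | 'disabled' | 'missing'} for the advisory SIDs."""
    status = {sid: "missing" for sid in expected_sids(ranges)}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m or int(m.group("sid")) not in status:
            continue  # not a rule line, or a rule for some other SID
        sid = int(m.group("sid"))
        # An enabled copy anywhere wins over a commented-out duplicate.
        if status[sid] != "enabled":
            status[sid] = "disabled" if m.group("off") else "enabled"
    return status


# Constructed sample rules file: headers, messages and options are
# placeholders, not the content of the real Talos rules.
SAMPLE_RULES = """\
# constructed sample, not real rule bodies
alert tcp any any -> any any (msg:"PLACEHOLDER rule A"; sid:60807; rev:1;)
# alert tcp any any -> any any (msg:"PLACEHOLDER rule B"; sid:60808; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER rule C"; sid:60809; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER rule D"; sid:60810; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER unrelated"; sid:1000001; rev:1;)
# alert tcp any any -> any any (msg:"PLACEHOLDER rule E"; sid:60811; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER rule E dup"; sid:60811; rev:2;)
"""

if __name__ == "__main__":
    for sid, state in sid_coverage(SAMPLE_RULES).items():
        print(f"{sid}: {state}")
```

Any SID reported as "disabled" or "missing" means the sensor would not alert on the corresponding traffic until the rule set is updated or the rule is enabled.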

Related news

CVE-2022-43590: TALOS-2022-1649 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2022-43589: TALOS-2022-1648 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2022-43588: TALOS-2022-1647 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.