Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MaxGutberletRM
Explorer

CVE-2022-27255 - when do we get a signature ?

Gents,

after DEFCON, CVE-2022-27255 is creating a bit of a panic - and for good reasons, a quick "look" at my own corporate network shows me >100 devices affected usind the Realtek SDK in question.

As this is "simple" fixable with looking at the malformed SIP packages, can we get a signature update to the thread protection asap please ?

"It looks for "INVITE" messages with the string "m=audio" and triggers when there are more than 128 bytes (size of the allocated buffer by the Realtek SDK) and if none of them is a carriage return." (Source: bleepingcomputer)

Thx

MG

Details:

https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-...

0 Kudos
2 Replies
Chris_Atkinson
Employee
Employee

If not already please raise it with TAC and follow-up with your SE accordingly to track the request. 

Note we also support importing SNORT signatures, perhaps useful as an interim measure.

0 Kudos
CE_SE
Employee
Employee

How quick are turn-around times for IPS signature updates addressing newly found vulnerabilities 

CVE Advisories 

 

This information might help. You can also subscribe to the 2nd one.

0 Kudos