CVE-2020-7465

CRITICAL

mpd < 5.9 - Remote Code Execution via L2TP AVP Q.931 Cause Code

Title source: llm
STIX 2.1

Description

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/mpd/bugs/70/
Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/mpd/svn/2377/

Scores

CVSS v3 9.8
EPSS 0.0295
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (3)
mpd_project/mpd < 5.9
stormshield/stormshield_network_security 4.4.0
stormshield/stormshield_network_security 4.0.0 - 4.3.17
Published Oct 06, 2020
Tracked Since Feb 18, 2026