GLibc Buffer Overflow Vulnerability(CVE-2023-4911)
Vulnerability classification:Buffer Overflow Vulnerability
Source of vulnerability:Cybersecurity Notification
CVSS Level:High
Vulnerability description:A buffer overflow vulnerability exists in the dynamic loader ld.so of glibc, allowing local attackers to leverage this vulnerability to execute code with elevated privileges by crafting a specific GLIBC_TUNABLES environment variable.
Conclusion of evaluation:UIH does not have any operating system versions that contain this vulnerability.
Apache Log4j Vulnerability(CVE-2021-44228)
Vulnerability classification:Remote Code Execution Vulnerability
Source of vulnerability:Cybersecurity Notification
CVSS Level:Critical
Vulnerability description: Log4j2 is a commonly used Java logging framework. Attackers can exploit the recursive parsing feature to construct malicious requests, triggering a remote code execution vulnerability.
Conclusion of evaluation:UIH products do not involve the application of Log4j2, therefore, they are not affected by this vulnerability.
Windows Print Spooler Worm(CVE-2021-34527)
Vulnerability classification:Remote Code Execution Vulnerability
Source of vulnerability:Active monitoring and regular updates
CVSS Level:High
Vulnerability description:Windows Print Spooler is a printer background processing program widely used in various internal networks. Attackers can exploit this vulnerability to bypass the security verification of PfcAddPrinterDriver and install malicious drivers on print servers.
Conclusion of evaluation:We have reviewed all UIH products and found that versions based on Windows systems released before 2022 are vulnerable to this issue. We have provided solutions and corresponding patches to fix this vulnerability.
The range of products affected:UIH products software released before 2022
WannaCry Ransomwar(CVE-2017-0144)
Vulnerability classification:Remote Code Execution Vulnerability
Source of vulnerability:Active monitoring and regular updates
CVSS Level:High
Vulnerability description:This vulnerability allows remote attackers to execute arbitrary code through specially crafted packets, also known as the "Windows SMB Remote Code Execution Vulnerability.
Conclusion of evaluation:We have reviewed all UIH products and found that versions based on Windows systems released before 2017 are vulnerable to this issue. We have provided solutions and corresponding patches to fix this vulnerability.
The range of products affected:UIH products software released before 2017.