Improper WebRTC Input Validation in Pexip Infinity Affects Resource Management
CVE-2022-23228

7.5HIGH

Key Information:

Vendor: Pexip
Status: Pexip Infinity
Vendor: CVE Published:; 18 February 2022

What is CVE-2022-23228?

The Pexip Infinity product before version 27.0 is affected by an improper input validation issue related to WebRTC. This vulnerability allows unauthenticated remote attackers to exploit excessive resource usage, potentially leading to a denial of service condition. Effective mitigation requires timely updates and vigilance in monitoring resource consumption to prevent exploitation.

References

https://docs.pexip.com/admin/security_bulletins.htm

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Jan 14, 2022

JSON