CVE-2023-31455: 
Pexip Infinity Management Node vulnerability analysis and mitigation

Pexip Infinity before 31.2 has Improper Input Validation for RTCP (Real-time Transport Control Protocol), allowing remote attackers to trigger an abort. The vulnerability was disclosed on December 25, 2023, and has been assigned CVE-2023-31455. This security issue affects all versions of Pexip Infinity prior to version 31.2 (Vendor Advisory).

The vulnerability has been classified with a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The issue stems from improper input validation in the RTCP implementation, which can be exploited remotely. The vulnerability is categorized under CWE-20 (Improper Input Validation) (NVD).

When successfully exploited, this vulnerability allows remote attackers to trigger a software abort, resulting in a denial of service condition. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NVD).

The primary resolution is to upgrade to Pexip Infinity version 31.2 or later. No alternative mitigations or workarounds have been documented for this vulnerability (Vendor Advisory).