Buffer overflow

2018-01-2415:29:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.6%

JSON

A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.

CPENameOperatorVersion
diskpulseeq9.9.16
disksavvyeq9.9.14
dupscouteq9.9.14
syncbreezeeq9.9.16

Name	Operator	Version
diskpulse	eq	9.9.16
disksavvy	eq	9.9.14
dupscout	eq	9.9.14
syncbreeze	eq	9.9.16

References

www.exploit-db.com/exploits/42557

www.exploit-db.com/exploits/42558/

www.exploit-db.com/exploits/42559/

www.exploit-db.com/exploits/42560/

www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get