CVE-2018-6892

Exploit

EPSS 89.67%
Veröffentlicht 11.02.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 04:11:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudme ≫ Sync Version <= 1.10.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	89.67%	0.995

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt

Third Party Advisory

Exploit

http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html

http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.html

http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html

https://blogs.securiteam.com/index.php/archives/3669

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/44027/

Third Party Advisory

Exploit