A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/42557 | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42558/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42559/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42560/ | Exploit Third Party Advisory VDB Entry |
https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get | Third Party Advisory |
https://www.exploit-db.com/exploits/42557 | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42558/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42559/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42560/ | Exploit Third Party Advisory VDB Entry |
https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 03:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.exploit-db.com/exploits/42557 - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/42558/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/42559/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/42560/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get - Third Party Advisory |
Information
Published : 2018-01-24 15:29
Updated : 2024-11-21 03:11
NVD link : CVE-2017-13696
Mitre link : CVE-2017-13696
CVE.ORG link : CVE-2017-13696
JSON object : View
Products Affected
flexense
- syncbreeze
- dupscout
- diskpulse
- disksavvy
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer