Описание
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:flexense:syncbreeze:10.1.16:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 92%
0.09078
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-119
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.
EPSS
Процентиль: 92%
0.09078
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-119