PT-2017-3591 · Advantech · Advantech Webaccess

Publicado

2017-08-04

Atualizado

2019-10-09

CVE-2017-16724

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions prior to 8.3

Description: The issue is caused by a stack-based buffer overflow in the BwFreRPT component of Advantech WebAccess. This allows a remote attacker to execute arbitrary code as an administrator. The vulnerability is due to writing too much data to a location on the stack.

Recommendations: For versions prior to 8.3, update to version 8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Avoid using functions or parameters that may trigger the buffer overflow until the issue is resolved.

Correção

Stack Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-119

Identificadores relacionados

BDU:2018-00530

CVE-2017-16724

ZDI-18-023

ZDI-18-025

ZDI-18-041

ZDI-18-042

ZDI-18-043

ZDI-18-044

ZDI-18-045

ZDI-18-046

ZDI-18-047

ZDI-18-048

ZDI-18-049

ZDI-18-050

ZDI-18-051

ZDI-18-052

ZDI-18-053

ZDI-18-054

ZDI-18-058

ZDI-18-060

ZDI-18-061

ZDI-18-062

Produtos afetados

Advantech Webaccess

PT-2017-3591 · Advantech · Advantech Webaccess

CVE-2017-16724

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26