PT-2019-15301 · Advantech · Advantech DiagAnywhere Server

Z0Mb1E · Published 2019-12-13 · Updated 2020-10-22 · CVE-2019-18257

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Advantech DiagAnywhere Server versions 3.07.11 and prior

Description: Multiple stack-based buffer overflow vulnerabilities exist in the file transfer service of Advantech DiagAnywhere Server. They could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running the server. The vulnerabilities exist in various functions, including FOLDER CREATE, FILE OPEN RO, FOLDER REMOVE, FILE CREATE, and SET CURR DIR.

Recommendations: For Advantech DiagAnywhere Server versions 3.07.11 and prior, there is currently no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Weakness Enumeration

Related identifiers

CVE-2019-18257
ZDI-19-1017
ZDI-19-1018
ZDI-19-1019
ZDI-19-1020
ZDI-19-1021

Affected products

Advantech DiagAnywhere Server