PT-2017-14711 · Flexense · Syncbreeze Enterprise
Wetw0Rk
·
Published
2017-12-03
·
Updated
2017-12-20
·
CVE-2017-17099
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Flexense SyncBreeze Enterprise version 10.1.16
Description
The issue is related to an unauthenticated SEH based Buffer Overflow in the HTTP server. It can be triggered by sending a GET request with an excessive length, allowing a malicious user to overwrite the SEH record and potentially execute a payload under the Windows SYSTEM account.
Recommendations
For Flexense SyncBreeze Enterprise version 10.1.16, consider restricting access to the HTTP server until a patch is available. As a temporary workaround, limiting the length of incoming GET requests may help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Syncbreeze Enterprise