PT-2017-3510 · Flexense · Disksavvy

Anurag Srivastava +2 · Published 2017-08-25 · Updated 2018-02-13 · CVE-2017-13696

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DiskPulse versions 9.9.16 and earlier
DiskSavvy versions 9.9.14 and earlier
DupScout versions 9.9.14 and earlier
SyncBreeze versions 9.9.16 and earlier

Description

The issue is caused by a buffer overflow in the web server component of the affected software. A remote attacker can exploit it with a specially crafted HTTP GET request and gain access to the system with NT AUTHORITY\SYSTEM privileges. The vulnerability is due to improper handling and sanitization of incoming requests.

Recommendations

For DiskPulse version 9.9.16 and earlier, update to a version that fixes the buffer overflow vulnerability.
For DiskSavvy version 9.9.14 and earlier, update to a version that fixes the buffer overflow vulnerability.
For DupScout version 9.9.14 and earlier, update to a version that fixes the buffer overflow vulnerability.
For SyncBreeze version 9.9.16 and earlier, update to a version that fixes the buffer overflow vulnerability.

As a temporary workaround, consider restricting access to the web server component until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2018-00361
CVE-2017-13696

Affected Products

Diskpulse
Disksavvy
Dupscout
Syncbreeze