CVE-2019-17424

Name of the Vulnerable Software and Affected Versions nipper-ng version 0.11.10

Description A stack-based buffer overflow in the processPrivilage() function allows remote attackers to achieve Remote Code Execution or Denial Of Service via a crafted file. This issue is related to the processing of firewall configuration files.

Recommendations For nipper-ng version 0.11.10, consider disabling the processPrivilage() function as a temporary workaround until a patch is available. Restrict access to the IOS/process-general.c module to minimize the risk of exploitation. Avoid using crafted firewall configuration files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.