PT-2019-15301 · Advantech · Advantech DiagAnywhere Server

Z0Mb1E · Published 2019-12-13 · Updated 2020-10-22 · CVE-2019-18257

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advantech DiagAnywhere Server versions 3.07.11 and prior

Description

The issue is related to multiple stack-based buffer overflow vulnerabilities in the file transfer service of Advantech DiagAnywhere Server. These vulnerabilities could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running the server. The vulnerabilities exist in various functions, including FOLDER CREATE, FILE OPEN RO, FOLDER REMOVE, FILE CREATE, and SET CURR DIR.

Recommendations

For Advantech DiagAnywhere Server versions 3.07.11 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-18257
ZDI-19-1017
ZDI-19-1018
ZDI-19-1019
ZDI-19-1020
ZDI-19-1021

Affected Products

Advantech DiagAnywhere Server