|
|||
Rule General Information |
---|
Release Date: | 2018-08-06 | |
Rule Name: | EXPLOIT CloudMe Sync Buffer Overflow vulnerability (CVE-2018-6892) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution. | |
Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
Reference: | http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt https://blogs.securiteam.com/index.php/archives/3669 ExploitDB:44027 ExploitDB:44175 |
|
Solutions |
---|
Upgrade to version 1.11.0 to solve the problem. |