|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-08-06 | |
| Rule Name: | EXPLOIT CloudMe Sync Buffer Overflow vulnerability (CVE-2018-6892) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
| Reference: | http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt https://blogs.securiteam.com/index.php/archives/3669 ExploitDB:44027 ExploitDB:44175 |
|
| Solutions |
|---|
| Upgrade to version 1.11.0 to solve the problem. |