CVE-2019-17424 - A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-

CVE-2019-17424

Summary

A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.

References

http://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Overflow.html
https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
https://code.google.com/archive/p/nipper-ng/source/default/source
https://github.com/guywhataguy/CVE-2019-17424
https://twitter.com/va_start

Vulnerable Configurations

cpe:2.3:a:nipper-ng_project:nipper-ng:0.11.10:*:*:*:*:*:*:*
cpe:2.3:a:nipper-ng_project:nipper-ng:0.11.10:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 18-11-2019 - 17:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

http://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Overflow.html
https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
https://code.google.com/archive/p/nipper-ng/source/default/source
https://github.com/guywhataguy/CVE-2019-17424
https://twitter.com/va_start

Last major update

18-11-2019 - 17:15

Published

22-10-2019 - 13:15

Last modified

18-11-2019 - 17:15