← back
CVE-2018-25295

ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field

CVSS 6.9 MEDIUMEPSS 0.1%CWE-789
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
P10 · ObserverIP Scan Tool
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45204unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exehttps://www.ambientweather.comhttps://www.exploit-db.com/exploits/45204https://www.vulncheck.com/advisories/observerip-scan-tool-denial-of-service-via-ip-field