CVE-2018-25345

10-Strike Network Scanner 3.0 Local Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-120

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

10-Strike · Network Scanner

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44841unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.10-strike.com/https://www.exploit-db.com/exploits/44841 https://www.vulncheck.com/advisories/10-strike-network-scanner-local-buffer-overflow-seh