CVE-2018-6947

EPSS 3.2%

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/44167/unverified cve_referencewww.exploit-db.com/exploits/44168/unverified exploitdbwww.exploit-db.com/exploits/44167unverified exploitdbwww.exploit-db.com/exploits/44168unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/44167/https://www.exploit-db.com/exploits/44168/https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/https://www.nomachine.com/SU02P00194 https://www.nomachine.com/SU02P00195 https://www.nomachine.com/TR02P08408