CVE-2018-6947

EPSS 3.2%

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 4

cve_referencewww.exploit-db.com/exploits/44167/no verificado cve_referencewww.exploit-db.com/exploits/44168/no verificado exploitdbwww.exploit-db.com/exploits/44167no verificado exploitdbwww.exploit-db.com/exploits/44168no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/44167/https://www.exploit-db.com/exploits/44168/https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/https://www.nomachine.com/SU02P00194 https://www.nomachine.com/SU02P00195 https://www.nomachine.com/TR02P08408