CVE-2018-6892 Information
Share on:Description
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the \CloudMe Sync\ client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program’s execution flow and allowing arbitrary code execution.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.html http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html https://blogs.securiteam.com/index.php/archives/3669 https://www.exploit-db.com/exploits/44027/ https://www.exploit-db.com/exploits/44175/ https://www.exploit-db.com/exploits/45197/ https://www.exploit-db.com/exploits/46250/ https://www.exploit-db.com/exploits/48840
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8