DupScout Enterprise 10.0.18 BoF
9,8
Critical
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
DupScout Enterprise 10.0.18 'sid' Buffer Overflow
Code name
Release date
15 dic 2020
Affected product
DupScout Enterprise
Affected version(s)
10.0.18
Fixed version(s)
13.2.24
Vulnerability name
Stack Buffer Overflow
Vulnerability type
Remotely exploitable
Yes
CVSS v3.0 vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.0 base score
9.8
CVSS v2.0 vector string
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v2.0 base score
10
Exploit available
Yes
Exploit URL
CVE ID(s)
Description
A stack buffer overflow was found in the sid GET parameter of several requests of DupScout Enterprise 10.0.18 which can be exploited by an unauthenticated, remote user to gain NT AUTHORITY\SYSTEM privileges on the server holding the affected software.
Exploit
A first version of the exploit was published at Exploit DB and an updated exploit can be found here.
Mitigation
An updated version of DupScout Enterprise is available at the vendor page.
References
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29659
Updated exploit prine-exploit.py
Vendor page https://www.dupscout.com/
