Vulnerabilities > CVE-2017-15663 - Improperly Implemented Security Check for Standard vulnerability in Flexense Disk Pulse 10.1.18

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
flexense
CWE-358
exploit available
NVD
Published: 2018-01-10
Updated: 2018-02-01

Summary

In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.

Vulnerable Configurations

Part Description Count
Application
Flexense
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionDisk Pulse Enterprise 10.1.18 - Denial of Service. CVE-2017-15663. Dos exploit for Windows platform
    fileexploits/windows/dos/43452.py
    idEDB-ID:43452
    last seen2018-01-24
    modified2018-01-08
    platformwindows
    port
    published2018-01-08
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/43452/
    titleDisk Pulse Enterprise 10.1.18 - Denial of Service
    typedos
  • descriptionDisk Pulse Enterprise 10.1.18 - Buffer Overflow. CVE-2017-15663. Remote exploit for Windows platform
    fileexploits/windows/remote/43589.py
    idEDB-ID:43589
    last seen2018-01-24
    modified2018-01-15
    platformwindows
    port
    published2018-01-15
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/43589/
    titleDisk Pulse Enterprise 10.1.18 - Buffer Overflow
    typeremote

Packetstorm

References