Vulnerabilities > CVE-2019-17424 - Out-of-bounds Write vulnerability in Nipper-Ng Project Nipper-Ng 0.11.10

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

nipper-ng-project

CWE-787

exploit available

NVD

Published: 2019-10-22

Updated: 2019-11-18

Summary

A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Nipper-Ng_Project Nipper NG Project Nipper NG 0.11.10	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Exploit-Db

id	EDB-ID:47673
last seen	2019-11-18
modified	2019-11-18
published	2019-11-18
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47673
title	nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)

Packetstorm

data source	https://packetstormsecurity.com/files/download/155378/nipperng01110-overflow.txt
id	PACKETSTORM:155378
last seen	2019-11-19
published	2019-11-18
reporter	Guy Levin
source	https://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Overflow.html
title	nipper-ng 0.11.10 Remote Buffer Overflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References