CVE-2019-17424

moderate-risk
Published 2019-10-22

A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.

Do I need to act?

!
28.4% chance of exploitation in next 30 days
EPSS score — higher than 72% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47673
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Nipper-Ng Project

References (10)

http://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Over...
Exploit https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
Third Party Advisory https://code.google.com/archive/p/nipper-ng/source/default/source
Third Party Advisory https://github.com/guywhataguy/CVE-2019-17424
Third Party Advisory https://twitter.com/va_start
http://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Over...
Exploit https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
Third Party Advisory https://code.google.com/archive/p/nipper-ng/source/default/source
Third Party Advisory https://github.com/guywhataguy/CVE-2019-17424
Third Party Advisory https://twitter.com/va_start
44
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal