CVE-2018-6892

An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
cloudmesync
𝑥
≤ 1.10.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt
http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html
http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.html
http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html
https://blogs.securiteam.com/index.php/archives/3669
https://www.exploit-db.com/exploits/44027/
https://www.exploit-db.com/exploits/44175/
https://www.exploit-db.com/exploits/45197/
https://www.exploit-db.com/exploits/46250/
https://www.exploit-db.com/exploits/48840
http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt
http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html
http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.html
http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html
https://blogs.securiteam.com/index.php/archives/3669
https://www.exploit-db.com/exploits/44027/
https://www.exploit-db.com/exploits/44175/
https://www.exploit-db.com/exploits/45197/
https://www.exploit-db.com/exploits/46250/
https://www.exploit-db.com/exploits/48840