Vulnerability Description
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WebGate | WebGate Embedded Standard Protocol SDK | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Ov (Exploit)
- http://seclists.org/fulldisclosure/2015/Feb/90 (Exploit)
- http://www.osvdb.org/118893
- http://www.osvdb.org/118896
- http://www.osvdb.org/118902
- http://www.securityfocus.com/bid/72835
- http://www.zerodayinitiative.com/advisories/ZDI-15-059/
- http://www.zerodayinitiative.com/advisories/ZDI-15-062/
- http://www.zerodayinitiative.com/advisories/ZDI-15-068/
- https://www.exploit-db.com/exploits/36505/
- https://www.exploit-db.com/exploits/36602/ (Exploit)
- https://www.exploit-db.com/exploits/36607/
FAQ
What is CVE-2015-2097?
CVE-2015-2097 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in ...
How severe is CVE-2015-2097?
CVE-2015-2097 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-2097?
Check the references section above for vendor advisories and patch information. Affected products include: WebGate Embedded Standard Protocol SDK.