CVE-2018-6892 — CRITICAL (9.8)

Q: How severe is CVE-2018-6892?

CVE-2018-6892 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-6892?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudme Sync.

Vulnerability Description

An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cloudme	Sync	<= 1.10.9

Related Weaknesses (CWE)

CWE-119

References

http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BExploitThird Party Advisory
http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html
http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.h
http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html
https://blogs.securiteam.com/index.php/archives/3669ExploitThird Party Advisory
https://www.exploit-db.com/exploits/44027/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/44175/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/45197/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/46250/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/48840
http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BExploitThird Party Advisory
http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html
http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.h
http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html
https://blogs.securiteam.com/index.php/archives/3669ExploitThird Party Advisory

FAQ

What is CVE-2018-6892?

CVE-2018-6892 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causi...

How severe is CVE-2018-6892?

CVE-2018-6892 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-6892?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudme Sync.