Buffer Overflow Vulnerability in Flexense SyncBreeze Enterprise
CVE-2017-15950

7.8HIGH

Key Information:

Vendor: Flexense
Status: Syncbreeze
Vendor: CVE Published:; 31 October 2017

Badges

👾 Exploit Exists🟣 EPSS 10%

What is CVE-2017-15950?

Flexense SyncBreeze Enterprise version 10.1.16 contains a vulnerability that allows for a buffer overflow, which can be exploited to execute arbitrary code. This vulnerability can be triggered when an attacker inputs excessively long data into the 'Destination directory' field, either via an XML document or during operation in passive mode. Successful exploitation of this vulnerability poses significant security risks as it may grant unauthorized access to sensitive information or systems.

References

http://seclists.org/fulldisclosure/2017/Oct/64

x_refsource_MISC

http://packetstormsecurity.com/files/162008/SyncBreeze-10...

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 31, 2021
👾
Exploit known to exist
May 31, 2021
Vulnerability published
Oct 31, 2017
Vulnerability Reserved
Oct 27, 2017