Buffer Overflow Vulnerability in Flexense SyncBreeze Enterprise
CVE-2017-17996

8.8HIGH

Key Information:

Vendor: Flexense
Status: Syncbreeze
Vendor: CVE Published:; 6 February 2018

What is CVE-2017-17996?

A buffer overflow vulnerability exists in the 'Add command' functionality of Flexense SyncBreeze Enterprise versions up to 10.3.14. This flaw can be exploited by an authenticated attacker who inputs command names exceeding 5000 characters. Successful exploitation may lead to server termination and could allow execution of commands with SYSTEM privileges, posing significant security risks.

References

http://seclists.org/fulldisclosure/2018/Feb/10

mailing-listx_refsource_FULLDISC

http://www.ryantzj.com/flexense-syncbreeze-entreprise-103...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2018
Vulnerability Reserved
Dec 29, 2017