Buffer Overflow Vulnerability in SysGauge Product by SysGauge
CVE-2017-6416

9.8CRITICAL

Key Information:

Vendor: Flexense
Status: Sysgauge
Vendor: CVE Published:; 6 March 2017

What is CVE-2017-6416?

A vulnerability found in SysGauge version 1.5.18 involves a buffer overflow during SMTP connection verification. This flaw can allow an attacker to execute arbitrary code through a specially crafted SMTP daemon that sends an excessively long '220 Service ready' string, potentially compromising system integrity and data security.

References

https://www.exploit-db.com/exploits/41479/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/96568

vdb-entryx_refsource_BID

EPSS Score

64% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2017
Vulnerability Reserved
Mar 1, 2017

Flexense

What is CVE-2017-6416?

References

EPSS Score

CVSS V3.1

Timeline