vendor:
Opium4 OPI Server, cyanPrintIP Easy OPI, cyanPrintIP Professional, cyanPrintIP Workstation, cyanPrintIP Standard, cyanPrintIP Basic
by:
SecurityFocus
7.5
CVSS
HIGH
Format-String and Denial-of-Service
134
CWE
Product Name: Opium4 OPI Server, cyanPrintIP Easy OPI, cyanPrintIP Professional, cyanPrintIP Workstation, cyanPrintIP Standard, cyanPrintIP Basic
Affected Version From: 4.10.1028
Affected Version To: 4.10.1030
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Multiple cyan soft products Format-String and Denial-of-Service Vulnerabilities
Multiple cyan soft products are affected by a format-string vulnerability because they fail to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function. These applications are also affected by a denial-of-service vulnerability because they fail to adequately handle certain commands during the start of a connection. Attackers can leverage these issues to execute arbitrary code in the context of the application or to terminate the application. Successful attacks will compromise the applications or deny access to legitimate users.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized before being passed to a formatted-printing function. Additionally, applications should be designed to handle unexpected commands during the start of a connection.
