CloudMe Sync Unauthenticated Remote Buffer Overflow

vendor:

CloudMe Sync

by:

John Page (aka hyp3rlinx)

9.8

CVSS

CRITICAL

Buffer Overflow

119

CWE

Product Name: CloudMe Sync

Affected Version From: CloudMe Sync <= v1.10.9

Affected Version To: CloudMe Sync <= v1.10.9

Patch Exists: NO

Related CWE: CVE-2018-6892

CPE: a:cloudme:cloudme_sync:1.10.9

Metasploit:

Other Scripts:

Platforms Tested:

2018

CloudMe Sync Unauthenticated Remote Buffer Overflow

Unauthenticated remote attackers that can connect to the "CloudMe Sync" client application listening on port 8888, can send a malicious payload causing a Buffer Overflow condition. This will result in an attacker controlling the programs execution flow and allowing arbitrary code execution on the victims PC.

Mitigation:

Unknown

Source

CloudMe Sync Unauthenticated Remote Buffer Overflow

Mitigation:

Exploit-DB raw data: