← Back to CVEs
CVE-2019-18257
CRITICAL9.8
Description
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/17/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
advantech:diaganywhere
Weaknesses (CWE)
CWE-121CWE-787
References
https://www.us-cert.gov/ics/advisories/icsa-19-346-01(ics-cert@hq.dhs.gov)
https://www.us-cert.gov/ics/advisories/icsa-19-346-01(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.