Summary

  • Name: DupScout Enterprise 10.0.18 'sid' Buffer Overflow

  • Code name: Prine

  • Product: DupScout Enterprise

  • Versions: 10.0.18

  • Fixed versions: 13.2.24

  • Release date: 2020-12-15 14:00 COT

Vulnerability

Description

A stack buffer overflow was found in the sid GET parameter of several requests of DupScout Enterprise 10.0.18 which can be exploited by an unauthenticated, remote user to gain NT AUTHORITY\SYSTEM privileges on the server holding the affected software.

Exploit

A first version of the exploit was published at Exploit DB and an updated exploit can be found here.

Mitigation

An updated version of DupScout Enterprise is available at the vendor page.

Credits

The vulnerability was discovered by Andrés Roldán from the Offensive Team of Fluid Attacks.

References

  1. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29659

  2. Exploit: https://www.exploit-db.com/exploits/49217

  3. Updated exploit: prine-exploit.py

  4. Vendor page: https://www.dupscout.com/

OWASP logo

Corporate member of The OWASP Foundation

Clutch Review

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy