DupScout Enterprise 10.0.18 BoF

Summary

Name

DupScout Enterprise 10.0.18 'sid' Buffer Overflow

Code name

Prine

Product

DupScout Enterprise

Versions

10.0.18

Fixed versions

13.2.24

Release date

2020-12-15 14:00 COT

Vulnerability

Kind

Stack Buffer Overflow

Rule

345. Establish protections against overflows

Remote

Yes

CVSSv3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSSv3 Base Score

9.8 CRITICAL

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv2 Base Score

10 HIGH

Exploit available

Yes

Exploit URL

https://www.exploit-db.com/exploits/49217

CVE ID(s)

CVE-2020-29659

Description

A stack buffer overflow was found in the sid GET parameter of several requests of DupScout Enterprise 10.0.18 which can be exploited by an unauthenticated, remote user to gain NT AUTHORITY\SYSTEM privileges on the server holding the affected software.

Exploit

A first version of the exploit was published at Exploit DB and an updated exploit can be found here.

Mitigation

An updated version of DupScout Enterprise is available at the vendor page.

Credits

The vulnerability was discovered by Andrés Roldán from the Offensive Team of Fluid Attacks.

References

CVE

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29659

Exploit

https://www.exploit-db.com/exploits/49217

Updated exploit

prine-exploit.py

Vendor page

https://www.dupscout.com/