DupScout Enterprise 10.0.18 BoF
|Name||DupScout Enterprise 10.0.18 'sid' Buffer Overflow|
|Release date||2020-12-15 14:00 COT|
|Kind||Stack Buffer Overflow|
|Rule||345. Establish protections against overflows|
|CVSSv3 Base Score||9.8 CRITICAL|
|CVSSv2 Base Score||10 HIGH|
A stack buffer overflow was found in the
GET parameter of
several requests of DupScout Enterprise 10.0.18 which can be exploited
by an unauthenticated, remote user to gain
privileges on the server holding the affected software.
A first version of the exploit was published at Exploit DB and an updated exploit can be found here.
An updated version of DupScout Enterprise is available at the vendor page.
The vulnerability was discovered by Andrés
Roldán from the Offensive
Updated exploit prine-exploit.py
Vendor page https://www.dupscout.com/