Lucene search

[email protected]CVE-2010-5333

HistorySep 13, 2019 - 4:15 p.m.

CVE-2010-5333

2019-09-1316:15:12

CWE-120

[email protected]

web.nvd.nist.gov

228

cve-2010-5333

web server

buffer overflow

integard pro

code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.

Affected configurations

NVD

Node

integard_home_projectintegard_homeRange<2.0.0.9037

integard_home_projectintegard_homeRange2.2.0–2.2.0.9037

integard_pro_projectintegard_proRange<2.0.0.9037

integard_pro_projectintegard_proRange2.2.0–2.2.0.9037

CPENameOperatorVersion
integard_home_project:integard_homeintegard home project integard homelt2.0.0.9037
integard_home_project:integard_homeintegard home project integard homelt2.2.0.9037
integard_pro_project:integard_prointegard pro project integard prolt2.0.0.9037
integard_pro_project:integard_prointegard pro project integard prolt2.2.0.9037

CPE	Name	Operator	Version
integard_home_project:integard_home	integard home project integard home	lt	2.0.0.9037
integard_home_project:integard_home	integard home project integard home	lt	2.2.0.9037
integard_pro_project:integard_pro	integard pro project integard pro	lt	2.0.0.9037
integard_pro_project:integard_pro	integard pro project integard pro	lt	2.2.0.9037

References

github.com/purpl3-f0x/OSCE-prep/blob/master/eip_integard.py

github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/integard_password_bof.rb

purpl3f0xsec.tech/2019/08/04/osce-prep-integard.html

www.exploit-db.com/exploits/14941

www.exploit-db.com/exploits/15016

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2010-5333

cvelist1 nvd1 prion1