Lucene search

[email protected]CVE-2015-2901

HistoryOct 29, 2015 - 10:59 a.m.

CVE-2015-2901

2015-10-2910:59:31

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2901

buffer overflow

remote code execution

medicomp medcin engine

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.0%

JSON

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function.

Affected configurations

NVD

Node

medicompmedcin_engineMatch2.22.20142.166

CPENameOperatorVersion
medicomp:medcin_enginemedicomp medcin engineeq2.22.20142.166

CPE	Name	Operator	Version
medicomp:medcin_engine	medicomp medcin engine	eq	2.22.20142.166

References

www.kb.cert.org/vuls/id/675052

www.securifera.com/advisories/CVE-2015-2898-2901/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2015-2901

cvelist1 nvd1 prion1 cert1