Lucene search

MitreCVE-2018-17408

HistoryOct 03, 2018 - 8:29 p.m.

CVE-2018-17408

2018-10-0320:29:07

CWE-787

mitre

web.nvd.nist.gov

cve-2018-17408

zahir accounting

buffer overflow

remote code execution

csv file

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.588

Percentile

97.8%

JSON

Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.

Affected configurations

Nvd

Node

zahiraccountingzahir_enterprise_plusMatch6

VendorProductVersionCPE
zahiraccountingzahir_enterprise_plus6cpe:2.3:a:zahiraccounting:zahir_enterprise_plus:6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zahiraccounting	zahir_enterprise_plus	6	cpe:2.3:a:zahiraccounting:zahir_enterprise_plus:6:::::::*

References

blog.spentera.id/zahir-accounting-enterprise-plus-6/

www.exploit-db.com/exploits/45505/

www.exploit-db.com/exploits/45560/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.588

Percentile

97.8%

JSON

Related for CVE-2018-17408