CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.0%
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Vendor | Product | Version | CPE |
---|---|---|---|
netatalk | netatalk | * | cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* |
synology | diskstation_manager | * | cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:* |
synology | router_manager | * | cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:* |
synology | skynas | - | cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:* |
synology | vs960hd_firmware | - | cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:* |
synology | vs960hd | - | cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html
packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html
www.securityfocus.com/bid/106301
attachments.samba.org/attachment.cgi?id=14735
github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/
www.debian.org/security/2018/dsa-4356
www.exploit-db.com/exploits/46034/
www.exploit-db.com/exploits/46048/
www.exploit-db.com/exploits/46675/
www.synology.com/security/advisory/Synology_SA_18_62
www.tenable.com/security/research/tra-2018-48
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.0%