Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2097

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-2097
Last Modified 11 May 2015 10:03:49
Published 09 Mar 2015 10:59:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2097

Summary

Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.

Vulnerable Systems

Application

  • Webgate Embedded Standard Protocol Sdk -


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-15-068/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-15-062/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-15-059/

FULLDISC - 20150223 WESP SDK multiple Remote Code Execution Vulnerabilities

MISC - http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html

EXPLOIT-DB - 36602

OSVDB - 118902

OSVDB - 118896

OSVDB - 118893


Last Updated: 27 May 2016 11:08:40