Published: 15/03/2018 Updated: 04/03/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An issue exists in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cloudme sync 1.11.0

####################################################### # Exploit Title: Local Buffer Overflow on CloudMe Sync v1110 # Date: 08032018 # Vendor Homepage: wwwcloudmecom/en # Software Link: wwwcloudmecom/downloads/CloudMe_1110exe # Category: Local # Exploit Discovery: Prasenjit Kanti Paul # Web: hack2rulewordpresscom/ ...

CloudMe Sync version 1110 suffers from a local buffer overflow vulnerability ...

CWE-119 https://0day4u.wordpress.com/2018/03/09/buffer-overflow-on-cloudme-sync-v1-11-0/https://www.exploit-db.com/exploits/44470/https://nvd.nist.gov https://www.exploit-db.com/exploits/44470/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-7886

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect