Vulnerability identifier: #VU10579

Vulnerability risk: High

CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-6892

CWE-ID: CWE-120

Exploitation vector: Network

Exploits in database: 8

• June 17, 2021
  • Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit) [Exploit-DB]
  • CloudMe Sync < 1.11.0 - Buffer Overflow [Exploit-DB]
  • CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass) [Exploit-DB]
  • CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt [Exploit-DB]
  • CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR) [Exploit-DB]
• February 1, 2021
  • CVE-Exploits (PoCs for public CVEs I have been working on) [Github]
• July 22, 2020
  • CVE-2018-6892-Golang (Ported Exploit From Python To Golang) [Github]
• March 18, 2020
  • CloudMe Sync v1.10.9 [Metasploit]

Impact: Code execution

Vulnerable software:
CloudMe
Client/Desktop applications / Software for system administration

Vendor: CloudMe