Stack-based buffer overflow in PAC Control Professional and PAC Control Basic - CVE-2018-04154
Published: September 4, 2018 / Updated: September 5, 2018
Vulnerability identifier: #VU14601
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-04154
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Opto22
Affected software:
PAC Control Professional
PAC Control Basic
PAC Control Professional
PAC Control Basic
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow when using a maliciously crafted PAC Control strategy. A remote unauthenticated attacker can edit an OptoScript block containing a string literal that is longer than 63 characters and has no spaces, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-04154
Update to the latest versions.