Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3175 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Zenworks Configuration Management

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

76.2%

top 1.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Zenworks Configuration Management

Timeline

PublishedApr 9

Latest updateMay 17

Description

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/zenworks_configuration_management11.1, 11.1a+1

🔴Vulnerability Details

GHSA

GHSA-3w76-w7w4-rg38: Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11↗2022-05-17

▶

CVEList

CVE-2011-3175: Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11↗2012-04-09

▶

💥Exploits & PoCs

Exploit-DB

Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow (Metasploit)↗2012-07-20

▶

Exploit-DB

Novell ZENworks Configuration Management Preboot Service - 0x6c Buffer Overflow (Metasploit)↗2012-07-20

▶