CVE-2017-13696
published 2018-01-24

CVE-2017-13696: A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16…

Priority: P182, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 79.67% (99.6th percentile)
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16, where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation allows an attacker to gain complete access to the system with NT AUTHORITY\SYSTEM level privileges. The vulnerability is caused by improper handling and sanitization of the incoming request.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexense | diskpulse | | |
| flexense | disksavvy | | |
| flexense | dupscout | | |
| flexense | syncbreeze | | |

Detection & IOCs (extracted from sources)

version: Dup Scout Enterprise <= 10.0.18
version: Disk Pulse Enterprise 9.9.16
  • Detect oversized/malformed HTTP GET request paths targeting the built-in web server component of Dup Scout Enterprise, Disk Savvy Enterprise, Sync Breeze Enterprise, or Disk Pulse Enterprise — indicative of stack-based buffer overflow exploitation.
  • Monitor for crafted HTTP GET requests to the web interface of affected Disk Pulse Enterprise instances that trigger SEH-based buffer overflow conditions.
  • Monitor for buffer overflow exploitation attempts via the web login interface of Dup Scout Enterprise, which can result in NT AUTHORITY\SYSTEM level code execution.
  • Alert on processes spawned by the Dup Scout / Disk Pulse / Sync Breeze / Disk Savvy web server component running as NT AUTHORITY\SYSTEM, especially if spawning shells or unexpected child processes.
  • The GET-based exploit module (dupscts_bof.rb) supports x86 versions of Dup Scout Enterprise and x86 Windows operating systems only; detection logic should account for both x86 and x64 variants when covering the login-based overflow module.
  • The login buffer overflow module has been confirmed against both x86 and x64 Windows targets across multiple OS versions (XP, 7, 10), so detections should not be limited to x86 architecture.
  • CVE-2017-13696 affects multiple products from the same vendor family (Dup Scout, Disk Savvy, Sync Breeze, Disk Pulse Enterprise); ensure detection coverage spans all four products and their respective vulnerable versions.
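
The first detection item above (oversized or malformed GET request paths) can be sketched as a check over raw HTTP request lines captured by a proxy or network sensor in front of the web interface. This is an added example, not code from this page or its sources; the thresholds, the reason labels and the sample request lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions (not from the page): tune both values against the longest
# legitimate URLs your own instances of the web interface receive.
MAX_TARGET_LEN = 512          # bytes allowed in the request target
MAX_SINGLE_BYTE_RATIO = 0.8   # share of one repeated byte that counts as filler

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S*) HTTP/\d\.\d\r?$")

def inspect_request_line(raw: bytes) -> list[str]:
    """Return the reasons a raw HTTP request line looks like an overflow attempt."""
    first = raw.split(b"\n", 1)[0]
    m = REQUEST_LINE.match(first)
    if m is None:
        # Malformed line (e.g. no HTTP version): still flag an oversized GET.
        if first.startswith(b"GET ") and len(first) > MAX_TARGET_LEN:
            return ["malformed-oversized-get"]
        return []
    method, target = m.groups()
    if method != b"GET":
        return []
    reasons = []
    if len(target) > MAX_TARGET_LEN:
        reasons.append("oversized-target")
    if any(b < 0x21 or b > 0x7E for b in target):
        reasons.append("non-printable-bytes")
    if len(target) >= 64:
        top_count = Counter(target).most_common(1)[0][1]
        if top_count / len(target) > MAX_SINGLE_BYTE_RATIO:
            reasons.append("filler-run")
    return reasons

def scan(lines: list[bytes]) -> dict[int, list[str]]:
    """Map the index of each suspicious line to its reasons."""
    found = {i: inspect_request_line(raw) for i, raw in enumerate(lines)}
    return {i: why for i, why in found.items() if why}

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    b"GET /login HTTP/1.1\r\n",
    b"GET /" + b"A" * 2000 + b" HTTP/1.1\r\n",
    b"GET /" + b"B" * 100 + b"\x01\xff HTTP/1.1\r\n",
    b"GET /" + b"A" * 2000 + b"\r\n",
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE).items():
        print(idx, ", ".join(why))
```

A length rule alone misses short requests carrying raw binary, which is why the non-printable and filler checks run independently of the size check.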

CVSS provenance

nvd, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd, v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C