CVE-2017-13696
CRITICALFlexense Dupscout - Memory Corruption
Title source: ruleDescription
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.
Exploits (7)
exploitdb
WORKING POC
VERIFIED
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42560
exploitdb
WORKING POC
VERIFIED
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42557
exploitdb
WORKING POC
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42559
exploitdb
WORKING POC
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42558
metasploit
WORKING POC
EXCELLENT
by Chance Johnson, Nipun Jaswal & Anurag Srivastava · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/disk_pulse_enterprise_get.rb
metasploit
WORKING POC
GREAT
by sickness, Chris Higgins · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dup_scout_enterprise_login_bof.rb
metasploit
WORKING POC
GREAT
by vportal, Daniel Teixeira, bcoles · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dupscts_bof.rb
References (5)
Scores
CVSS v3
9.8
EPSS
0.6338
EPSS Percentile
98.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (4)
flexense/diskpulse
9.9.16
flexense/disksavvy
9.9.14
flexense/dupscout
9.9.14
flexense/syncbreeze
9.9.16
Published
Jan 24, 2018
Tracked Since
Feb 18, 2026