Disk Pulse Enterprise Stack-Based Buffer Overflow Vulnerability in Login Functionality
Vulnerability
A stack-based buffer overflow has been identified in the login feature of Disk Pulse Enterprise version 9.0.34. It arises from improper bounds checking on HTTP request components: a remote, unauthenticated attacker can send a specially crafted HTTP POST request to the /login endpoint, which overflows a buffer in the libspp.dll component and leads to arbitrary code execution with SYSTEM privileges.
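The missing control is a length check before a request field is copied into a fixed-size buffer. The sketch below is an added example, not code from Disk Pulse Enterprise or libspp.dll. It assumes a urlencoded POST body; `USERNAME_MAX`, `extract_field` and `login_username_ok` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define USERNAME_MAX 64  /* assumed limit for this example, not taken from the product */

enum field_status { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2 };

/* Copy the value of form field `name` from a urlencoded POST body into `out`.
 * The length is checked against the destination size before any byte is
 * copied, so an oversized value is rejected instead of overrunning `out`. */
static enum field_status extract_field(const char *body, const char *name,
                                       char *out, size_t out_len)
{
    size_t name_len = strlen(name);
    const char *p = body;

    if (out_len == 0)
        return FIELD_TOO_LONG;
    out[0] = '\0';

    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, '&');          /* end of this key=value pair */
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);

        if (pair_len > name_len && p[name_len] == '=' &&
            strncmp(p, name, name_len) == 0) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_len)                /* no room for value + NUL */
                return FIELD_TOO_LONG;
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return FIELD_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return FIELD_MISSING;
}

/* Hypothetical login pre-check: 1 if the username fits, 0 if the request
 * should be rejected (for example with HTTP 400) before further handling. */
int login_username_ok(const char *post_body)
{
    char username[USERNAME_MAX];
    return extract_field(post_body, "username", username, sizeof username) == FIELD_OK;
}
```

The same length limit can be enforced at a reverse proxy in front of the service, so oversized login requests are dropped before they reach the vulnerable component.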
Impact
Exploitation of this vulnerability allows for arbitrary code execution with SYSTEM privileges on the affected system.
Reproduction
The vulnerability can be reproduced by sending an HTTP POST request to the /login endpoint with an overly long username parameter. This can be done using a variety of tools, such as curl or Postman, or through a custom script. The request must include a valid, but simple, password, as the login process does not require authentication.
