Xymon Alert Acknowledgment CGI Tool Stack-Based Buffer Overflow Vulnerability

By GIXnews


A vulnerability in Xymon could allow an unauthenticated, remote attacker to access or modify data, or cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to a stack-based buffer overflow condition in the acknowledgment CGI tool of the affected software and exists because of non-breaking space ( ) expansion in the acknowledge.c file. An attacker could exploit this vulnerability by submitting malicious input to the affected system. A successful exploit could allow the attacker to access or modify data, or cause a DoS condition.

Xymon has confirmed the vulnerability and released a software update.

Security Impact Rating: Critical

CVE: CVE-2019-13455

Source:: Cisco Multivendor Vulnerability Alerts