Xymon status-log Viewer CGI Buffer Overflow Vulnerability

By GIXnews

A vulnerability in Xymon could allow an unauthenticated, remote attacker to access or modify data, or cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to a buffer overflow condition in the status-log viewer CGI tool of the affected software and exists because of non-breaking space (&nbsp;) expansion in the appfeed.c file. An attacker could exploit this vulnerability by submitting malicious input to the affected system. A successful exploit could allow the attacker to access or modify data, or cause a DoS condition.
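
The bug class described above, shown as an added example (this is not Xymon's code and is not taken from appfeed.c): a bounded routine that expands characters into the 6-byte &nbsp; entity and rejects input whose expanded form does not fit the destination. The function name expand_nbsp, the choice of the space character as the input being expanded, and the remark about output sizing are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (assumption, not Xymon's code): copy src into dst,
 * replacing each space with the entity "&nbsp;". Returns the number of bytes
 * written (excluding the NUL), or -1 if dst (dstsize bytes) cannot hold the
 * expanded string. On failure dst is left as an empty string. */
long expand_nbsp(char *dst, size_t dstsize, const char *src)
{
    static const char ent[] = "&nbsp;";
    const size_t entlen = sizeof(ent) - 1;   /* 6 bytes per expanded char */
    size_t need = 0, out = 0;
    const char *p;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';

    /* Pass 1: compute the expanded length before writing anything.
     * Assumption about the general bug class: expansion overflows when the
     * output buffer is sized for the unexpanded input, since one input byte
     * can become six output bytes. */
    for (p = src; *p; p++) {
        size_t add = (*p == ' ') ? entlen : 1;
        if (need > (size_t)-1 - add)   /* guard the length sum itself */
            return -1;
        need += add;
    }
    if (need >= dstsize)               /* expanded text plus NUL must fit */
        return -1;

    /* Pass 2: write; every store is now known to be in bounds. */
    for (p = src; *p; p++) {
        if (*p == ' ') {
            memcpy(dst + out, ent, entlen);
            out += entlen;
        } else {
            dst[out++] = *p;
        }
    }
    dst[out] = '\0';
    return (long)out;
}
```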

Xymon has confirmed the vulnerability and released a software update.

Security Impact Rating: Critical

CVE: CVE-2019-13484

Source: Cisco Multivendor Vulnerability Alerts