Xymon status-log Viewer Component Stack-Based Buffer Overflow Vulnerability

By GIXnews

A vulnerability in the status-log viewer component of Xymon could allow an unauthenticated, remote attacker to access or modify data, or cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to a stack-based buffer overflow condition in the svcstatus.c file and exists because the affected software does not properly validate user input. An attacker could exploit this vulnerability by submitting malicious input to the affected system. A successful exploit could allow the attacker to access or modify data, or cause a DoS condition on the affected system.

Xymon has confirmed the vulnerability and released a software update.

Security Impact Rating: Critical

CVE: CVE-2019-13486

Source: Cisco Multivendor Vulnerability Alerts