Vulnerability Details : CVE-2004-0798
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
Vulnerability category: OverflowExecute code
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2004-0798
Probability of exploitation activity in the next 30 days: 94.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2004-0798
-
Ipswitch WhatsUp Gold 8.03 Buffer Overflow
Disclosure Date : 2004-08-25exploit/windows/http/ipswitch_wug_maincfgretThis module exploits a buffer overflow in IPswitch WhatsUp Gold 8.03. By posting a long string for the value of 'instancename' in the _maincfgret.cgi script an attacker can overflow a buffer and execute arbitrary code on the system. Authors: - MC <[email protected]>
CVSS scores for CVE-2004-0798
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
[email protected] |
References for CVE-2004-0798
Products affected by CVE-2004-0798
- cpe:2.3:a:ipswitch:whatsup_gold:8.01:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:whatsup_gold:8.03:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:whatsup_gold:7.04:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:whatsup_gold:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:whatsup_gold:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipswitch:whatsup_gold:7.03:*:*:*:*:*:*:*