CVE-2018-25239

Summary

Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application.

Affected Software

VendorProductVersion RangeStatus
SmartVPNSmart VPN1.1.3.0affected

Weaknesses

  • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References