Details of VAR-201809-1402

ID

VAR-201809-1402

TITLE

(0Day) Fuji Electric Frenic Loader FNC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-18-1085

DESCRIPTION

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Frenic Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of FNC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to disclose sensitive information under the context of an administrator.

Trust: 0.7

sources: ZDI: ZDI-18-1085

AFFECTED PRODUCTS

vendor:

fuji electric

model:

frenic loader

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-18-1085

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-18-1085
value:	MEDIUM
Trust: 0.7

ZDI:	ZDI-18-1085
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7

sources: ZDI: ZDI-18-1085

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-6238	Trust: 0.7
db:	ZDI	id:	ZDI-18-1085	Trust: 0.7

sources: ZDI: ZDI-18-1085

CREDITS

Michael Flanders of the Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-1085

SOURCES

db:

ZDI

id:

ZDI-18-1085

LAST UPDATE DATE

2022-05-17T01:36:13.616000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-18-1085

date:

2018-09-26T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-18-1085

date:

2018-09-26T00:00:00