BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

cFos 3.09 Denial of Service

Disclosed: April 24, 2014

Zeroday: 120 days

Vulnerability Description:

cFos Personal Net contains a vulnerability whereby multiple malformed POST requests may cause a denial of service condition via heap memory corruption.

Vendors:

cFos

Vulnerable Software/Devices:

cFos Personal Net v3.09 and prior versions

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Denial of Service
Multiple malformed POST requests received in less than 3000 ms cause cFos Personal Net to mishandle data, resulting in heap memory corruption that may cause the application to become unresponsive.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 33845 - cFos 3.09 and Prior Denial of Service (Zero-Day)

Mitigation:

No mitigations are currently available. 

CVE(s):

None