Medicomp MEDCIN Engine Multiple Security Vulnerabilities

Summary

The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190.

Credit:

The information has been provided by Ryan Wincey.


Details

Vulnerable Systems:
 * Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226

Immune Systems:
 * Medicomp MEDCIN Engine after 2.22.20153.226

Medicomp MEDCIN Engine is prone to multiple security vulnerabilities. Successful exploits may allow an attacker to execute arbitrary code, overwrite arbitrary files. Failed attempts will likely cause a denial-of-service condition.

CVE Information:
CVE-2015-6006

Disclosure Timeline:
Original release date: 10/29/2015
Last revised: 10/30/2015

Categories: News