The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Castle Rock SNMPc

vulnerability announcement CVE-2019-13494

Castle Rock SNMPc: buffer overflow via Map Objects

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via Map Objects in Castle Rock SNMPc, in order to cause a denial of service, and possibly to run code.
Impacted products: SNMPc.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 11/07/2019.
Identifiers: CVE-2019-13494, VIGILANCE-VUL-29752.

Description of the vulnerability

An attacker can trigger a buffer overflow via Map Objects in Castle Rock SNMPc, in order to cause a denial of service, and possibly to run code.

computer vulnerability note CVE-2015-6028

Castle Rock SNMPc: SQL injection via SNMP

Synthesis of the vulnerability

An attacker can perform a SQL injection via SNMP against Castle Rock SNMPc, in order to read or alter data.
Impacted products: SNMPc.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 10/04/2017.
Identifiers: CVE-2015-6028, VIGILANCE-VUL-22379.

Description of the vulnerability

The Castle Rock SNMPc product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore perform a SQL injection via SNMP against Castle Rock SNMPc, in order to read or alter data.

computer vulnerability bulletin CVE-2015-6027

Castle Rock SNMPc: Cross Site Scripting via SNMP

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Castle Rock SNMPc, in order to run JavaScript code in the context of the web site.
Impacted products: SNMPc.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 08/09/2016.
Identifiers: CVE-2015-6027, VIGILANCE-VUL-20538.

Description of the vulnerability

The Castle Rock SNMPc product offers a web service.

However, it does not filter received SNMP data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Castle Rock SNMPc, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2008-2214

SNMPc: buffer overflow via TRAP

Synthesis of the vulnerability

A network attacker can send a TRAP packet in order to execute code on SNMPc.
Impacted products: SNMPc.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 05/05/2008.
Revision date: 13/11/2008.
Identifiers: BID-28990, CVE-2008-2214, NGS00526, VIGILANCE-VUL-7790.

Description of the vulnerability

The Castle Rock SNMPc Network Manager product centralizes network monitoring. Devices send it SNMP TRAP messages (port 162/udp). These packets contain a Community String to authenticate the sender.

However, if the Community String is too long, a buffer overflow occurs in SNMPc Network Manager. This overflow leads to code execution with LocalSystem privileges.

An unauthenticated network attacker can thus send an SNMP TRAP packet in order to execute code on SNMPc Network Manager.

computer vulnerability alert CVE-2007-3098

SNMPc: denial of service

Synthesis of the vulnerability

An attacker can send a malicious packet in order to stop SNMPc.
Impacted products: SNMPc.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 05/06/2007.
Identifiers: BID-24292, CVE-2007-3098, VIGILANCE-VUL-6876.

Description of the vulnerability

The [SNMPcConfig] section of snmpc.ini specifies the ports used by SNMPc to communicate with remote systems. By default, TCP ports 165 to 168 are defined.

When a malicious login packet is sent to port 165/tcp, the crserv.exe process stops.

This vulnerability therefore permits an attacker to create a denial of service.