CVE-2020-36881
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flexense | diskboss | 7.7.14 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local buffer overflow in the 'Input Directory' component of Flexsense DiskBoss 7.7.14. It allows unauthenticated attackers to execute arbitrary code on the system by pasting a specially crafted directory path into the 'Add Input Directory' field.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary code on the affected system without authentication, potentially leading to system compromise, data loss, or unauthorized control over the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local buffer overflow in the 'Add Input Directory' field of DiskBoss 7.7.14. Detection involves verifying if the vulnerable version (7.7.14) of DiskBoss is installed on the system. Since the exploit requires local access and interaction with the DiskBoss GUI, network detection is limited. There are no specific commands provided to detect exploitation attempts. However, monitoring for abnormal behavior such as unexpected execution of calc.exe or crashes when using the 'Add Input Directory' feature may indicate exploitation attempts. [4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Avoid using the 'Add Input Directory' feature in DiskBoss 7.7.14 until patched. 2) Upgrade DiskBoss to a later version where this vulnerability is fixed. 3) Disable or restrict local user access to DiskBoss to prevent exploitation. 4) Ensure Data Execution Prevention (DEP) is enabled for diskbsg.exe to hinder exploit success. 5) Monitor and restrict clipboard usage to prevent injection of crafted payloads. These steps reduce the risk of arbitrary code execution via this buffer overflow. [3, 4]