CVE-2019-25597
Received Received - Intake
Buffer Overflow in NSauditor SNMP Community Causes DoS

Publication date: 2026-03-22

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25597
EUVD
EUVD-2019-19936
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft nsauditor From 3.1.2.0 (inc) to 3.2.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25597 is a buffer overflow vulnerability found in NSauditor version 3.1.2.0, specifically in the SNMP Auditor Community field.

Local attackers can exploit this vulnerability by inputting an excessively long string into the Community field and then triggering the Walk function, which causes the application to crash.

This crash is due to the buffer overflow caused by the oversized input, resulting in a denial of service condition.

Impact Analysis

This vulnerability can be exploited by local attackers to cause a denial of service (DoS) condition by crashing the NSauditor application.

The impact is limited to availability, as the application becomes unusable when the buffer overflow is triggered.

There is no indication that confidentiality or integrity are affected by this vulnerability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition in a controlled environment. The detection involves inputting an excessively long string into the SNMP Auditor Community field and triggering the Walk function to see if the application crashes.'}, {'type': 'list_item', 'content': "Create a payload consisting of 10,000 'A' characters."}, {'type': 'list_item', 'content': 'Run the provided Python script `Nsauditor_3.1.2.0.py` to generate the payload file named "nsauditor.txt".'}, {'type': 'list_item', 'content': 'Open the "nsauditor.txt" file and copy its contents to the clipboard.'}, {'type': 'list_item', 'content': 'Launch the NSauditor application and navigate to the "Sessions" section, then select "SNMP Auditor".'}, {'type': 'list_item', 'content': 'Paste the clipboard content into the Community field.'}, {'type': 'list_item', 'content': 'Click the "Walk" button to trigger the vulnerability and observe if the application crashes.'}] [3]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid inputting excessively long strings into the SNMP Auditor Community field, especially when using the Walk function.

Restrict local access to the NSauditor application to trusted users only, since the attack requires local access.

Monitor and control usage of the SNMP Auditor feature to prevent exploitation.

Check for any available patches or updates from the vendor and apply them as soon as possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25597. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart