Description
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.
Published: 2026-04-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch when available
AI Analysis

Impact

A buffer overflow flaw in the password field of P10 Central Management Software version 1.4.13 lets an attacker supply a long input string, such as 2000 bytes, and cause the application to crash when the login button is pressed. The crash results in an application‑level denial of service but does not leak or alter data. The vulnerability is limited to local execution on a system where the user can interact with the login interface and does not provide elevation or remote code execution. The referenced weakness is CWE‑120, a classic stack-based buffer overflow.

Affected Systems

The affected product is P10: Central Management Software, specifically version 1.4.13. No other versions are reported as vulnerable in the current data.

Risk and Exploitability

The CVSS score of 6.8 marks the flaw as a moderate risk. The EPSS < 1% indicates a very low probability that an exploit is or will be used in the wild. The vulnerability is not listed in the CISA KEV catalog, further suggesting limited exploitation. Attackers must have local access to the system and a means to interact with the software’s login screen to trigger the crash. There are no known public exploits that leverage this flaw remotely or require elevated privileges. The risk is principally to service availability for local machines hosting the application.

Generated by OpenCVE AI on April 28, 2026 at 05:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch for P10 Central Management Software as soon as it becomes available.
  • Restart the application and monitor system logs for crashes if the patch cannot be applied immediately.
  • Restrict local user access to the login interface or disable the application temporarily until a patch is deployed.

Generated by OpenCVE AI on April 28, 2026 at 05:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared P10
P10 central Management Software
Vendors & Products P10
P10 central Management Software

Mon, 27 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.
Title P10 Central Management Software 1.4.13 Denial of Service
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

P10 Central Management Software
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T16:42:16.222Z

Reserved: 2026-04-26T13:11:29.085Z

Link: CVE-2018-25296

cve-icon Vulnrichment

Updated: 2026-04-27T16:42:08.934Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:31.107

Modified: 2026-04-27T18:53:00.053

Link: CVE-2018-25296

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses