Description
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
Published: 2026-05-23
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow on a host name field. By supplying a specially crafted value, defenders can override SafeSEH protection and run arbitrary code. The flaw is triggered when the user invokes the Trace route or System information functions, both of which parse the host name or address input.

Affected Systems

10‑Strike Network Scanner 3.0. No specific patch version is listed; users should verify the current installation is 3.0 or later and confirm that the overflow fix has been applied.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity risk. No EPSS score is available, but a public exploit exists on exploit‑db. The issue is not tagged in CISA’s KEV catalog. Attackers need local access to the scanner and to trigger the vulnerable functions, making it a local privilege escalation to code execution scenario.

Generated by OpenCVE AI on May 23, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade 10‑Strike Network Scanner to the latest release that corrects the buffer overflow.
  • If no update is available, block or remove the Trace route and System information functions that accept host name input, or restrict the application to trusted users only.
  • Enable operating‑system hardening measures such as DEP and ASLR to reduce the impact of the buffer overflow.

Generated by OpenCVE AI on May 23, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
Title 10-Strike Network Scanner 3.0 Local Buffer Overflow SEH
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-23T18:30:47.475Z

Reserved: 2026-05-23T14:46:34.956Z

Link: CVE-2018-25345

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T19:30:25Z

Weaknesses