Description
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
Published: 2026-05-23
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow on a host name field. By supplying a specially crafted value, defenders can override SafeSEH protection and run arbitrary code. The flaw is triggered when the user invokes the Trace route or System information functions, both of which parse the host name or address input.

Affected Systems

10‑Strike Network Scanner 3.0. No specific patch version is listed; users should verify the current installation is 3.0 or later and confirm that the overflow fix has been applied.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity risk. No EPSS score is available, but a public exploit exists on exploit‑db. The issue is not tagged in CISA’s KEV catalog. Attackers need local access to the scanner and to trigger the vulnerable functions, making it a local privilege escalation to code execution scenario.

Generated by OpenCVE AI on May 23, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade 10‑Strike Network Scanner to the latest release that corrects the buffer overflow.
  • If no update is available, block or remove the Trace route and System information functions that accept host name input, or restrict the application to trusted users only.
  • Enable operating‑system hardening measures such as DEP and ASLR to reduce the impact of the buffer overflow.

Generated by OpenCVE AI on May 23, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 25 May 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared 10-strike
10-strike network Scanner
Vendors & Products 10-strike
10-strike network Scanner

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
Title 10-Strike Network Scanner 3.0 Local Buffer Overflow SEH
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

10-strike Network Scanner
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T16:16:52.689Z

Reserved: 2026-05-23T14:46:34.956Z

Link: CVE-2018-25345

cve-icon Vulnrichment

Updated: 2026-05-26T16:16:16.098Z

cve-icon NVD

Status : Deferred

Published: 2026-05-23T19:16:54.463

Modified: 2026-05-26T19:37:32.587

Link: CVE-2018-25345

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T11:33:30Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')