Description
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and trigger a crash when removing the created block.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

NetAware 1.20 includes a buffer overflow in the User Blocking feature that allows a local attacker to crash the application by entering an oversized 512‑byte buffer into the "Add a website or keyword to be filtered" field. This local vulnerability results in a denial of service, leading to application downtime without providing an attacker additional privileges or data access.

Affected Systems

The affected system is Infiltration‑Systems NetAware version 1.20. The flaw is exploitable on installations of this exact version and applies to the local user interface of the application.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, indicating medium severity. The EPSS score is less than 1%, and it is not listed in CISA’s KEV catalog, suggesting low likelihood of current exploitation. The attack vector is local, requiring a user who can input data into the add block field and subsequently delete the block entry to trigger the crash. Because of the local requirement and low exploit probability, the overall risk is moderate, but the impact on service availability can be significant if exploitation occurs.

Generated by OpenCVE AI on March 23, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or update released by Infiltration Systems for NetAware.
  • If an immediate update is not available, restrict local user privileges to prevent use of the vulnerable add block feature, or disable that feature until a patch is applied.
  • Monitor NetAware logs for crash events and check for any attempts to trigger the overflow.
  • Regularly consult Infiltration Systems’ website or support for additional advisories or security updates.

Generated by OpenCVE AI on March 23, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Spytech-web
Spytech-web netaware
CPEs cpe:2.3:a:spytech-web:netaware:1.20:*:*:*:*:*:*:*
Vendors & Products Spytech-web
Spytech-web netaware

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Infiltration-systems
Infiltration-systems netaware
Vendors & Products Infiltration-systems
Infiltration-systems netaware

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and trigger a crash when removing the created block.
Title NetAware 1.20 Denial of Service via Add Block Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Infiltration-systems Netaware
Spytech-web Netaware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:29:35.322Z

Reserved: 2026-03-21T12:24:03.713Z

Link: CVE-2019-25547

cve-icon Vulnrichment

Updated: 2026-03-23T16:29:31.651Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:16.573

Modified: 2026-03-23T17:32:12.490

Link: CVE-2019-25547

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:35Z

Weaknesses