CVE-2011-3176
CVE-2011-3176
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 69.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
22 Feb 2012Metasploit module available
09 Apr 2012Published on NVD
20 Jul 2012Public PoC
Weaponization speed
101 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencewww.exploit-db.com/exploits/19959unverifiedexploitdbwww.exploit-db.com/exploits/19959unverifiedexploitdbwww.exploit-db.com/exploits/19958unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://download.novell.com/Download?buildid=rs4B5jhWKf8~http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.htmlhttp://www.exploit-db.com/exploits/19959http://www.novell.com/support/viewContent.do?externalId=7010044http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974