{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/10-strike/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25345"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["network scanner"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","rce","windows"],"_cs_type":"threat","_cs_vendors":["10-strike"],"content_html":"\u003cp\u003e10-Strike Network Scanner 3.0 is susceptible to a buffer overflow vulnerability (CVE-2018-25345) within the host name field. Successful exploitation of this vulnerability allows an attacker to bypass SafeSEH protections and execute arbitrary code within the context of the application. The vulnerability can be triggered via the Trace route or System information functions when processing a crafted host name or address field. This poses a significant risk to organizations utilizing this software, as it could lead to unauthorized access, data breaches, or complete system compromise. The vulnerable version is 3.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of 10-Strike Network Scanner 3.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload designed to exploit the buffer overflow in the host name or address field. The payload is crafted to bypass SafeSEH.\u003c/li\u003e\n\u003cli\u003eThe attacker inputs the malicious payload into the host name or address field within the application\u0026rsquo;s interface.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates either the \u0026ldquo;Trace route\u0026rdquo; or \u0026ldquo;System information\u0026rdquo; function targeting the input containing the malicious payload.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the input, triggering the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe crafted payload overwrites the return address on the stack, bypassing SafeSEH protection.\u003c/li\u003e\n\u003cli\u003eControl is redirected to the attacker-controlled code within the payload.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution within the context of the Network Scanner application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25345 can lead to arbitrary code execution, potentially granting an attacker full control over the affected system. This could result in data breaches, malware installation, or further lateral movement within the network. Given the nature of network scanners, successful exploitation could provide attackers with valuable network reconnaissance capabilities, compounding the impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process execution for the creation of child processes from the 10-Strike Network Scanner executable, indicating potential exploitation (see Sigma rule \u0026ldquo;Detect 10-Strike Network Scanner Suspicious Child Process\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the potential impact of a successful exploit.\u003c/li\u003e\n\u003cli\u003eWhile no patch is available, consider migrating to an alternative solution that provides similar functionality without the vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:38:29Z","date_published":"2026-05-26T13:38:29Z","id":"https://feed.craftedsignal.io/briefs/2026-05-10-strike-rce/","summary":"A buffer overflow vulnerability exists in 10-Strike Network Scanner 3.0, allowing attackers to bypass SafeSEH protections and execute arbitrary code by crafting a malicious payload in the host name or address field and triggering the vulnerability through the Trace route or System information functions.","title":"10-Strike Network Scanner 3.0 Buffer Overflow Leading to Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-05-10-strike-rce/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25344"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Network Inventory Explorer"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","seh-overwrite","privilege-escalation","execution","cve-2018-25344","windows"],"_cs_type":"advisory","_cs_vendors":["10-strike"],"content_html":"\u003cp\u003e10-Strike Network Inventory Explorer version 8.54 is vulnerable to a stack-based buffer overflow. A local attacker can exploit this vulnerability (CVE-2018-25344) by providing a specially crafted registration key to the application. This crafted input overflows a buffer on the stack, allowing the attacker to overwrite the Structured Exception Handler (SEH) chain and gain arbitrary code execution with the privileges of the running application. The attacker must have local access to the system where the application is installed to exploit this vulnerability. Successful exploitation allows for arbitrary code execution.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious registration key string.\u003c/li\u003e\n\u003cli\u003eThe malicious string contains 4188 bytes of padding to reach the buffer overflow point.\u003c/li\u003e\n\u003cli\u003eAfter the padding, the string includes carefully chosen SEH chain values (a pointer to the next handler and a pointer to the handler itself).\u003c/li\u003e\n\u003cli\u003eThe crafted string also contains shellcode designed to perform malicious actions.\u003c/li\u003e\n\u003cli\u003eThe attacker opens 10-Strike Network Inventory Explorer 8.54.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the registration dialog.\u003c/li\u003e\n\u003cli\u003eThe attacker pastes the malicious registration key string into the registration key input field.\u003c/li\u003e\n\u003cli\u003eWhen the application attempts to process the overly long registration key, a stack buffer overflow occurs, overwriting the SEH chain.\u003c/li\u003e\n\u003cli\u003eWhen an exception is triggered (likely due to the memory corruption), the overwritten SEH handler is invoked, leading to execution of the attacker-supplied shellcode.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution with the privileges of the Network Inventory Explorer application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this buffer overflow vulnerability allows a local attacker to execute arbitrary code on the affected system. Since the code is executed with the privileges of the 10-Strike Network Inventory Explorer application, the attacker can perform actions such as installing malware, accessing sensitive data, or modifying system settings. The CVSS v3.1 base score for this vulnerability is 8.4, indicating a high level of severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Network Inventory Explorer SEH Overwrite\u003c/code\u003e to identify attempts to exploit the buffer overflow by detecting suspicious SEH overwrites in process creation logs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Network Inventory Explorer Suspicious Registration\u003c/code\u003e to detect suspicious process creation related to Network Inventory Explorer after a registration attempt.\u003c/li\u003e\n\u003cli\u003eConsider migrating to a different network inventory solution, or isolating the vulnerable application from sensitive data and critical system processes.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:37:57Z","date_published":"2026-05-26T13:37:57Z","id":"https://feed.craftedsignal.io/briefs/2026-05-network-inventory-explorer-overflow/","summary":"10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code via SEH overwrite.","title":"10-Strike Network Inventory Explorer Stack-Based Buffer Overflow (CVE-2018-25344)","url":"https://feed.craftedsignal.io/briefs/2026-05-network-inventory-explorer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — 10-Strike","version":"https://jsonfeed.org/version/1.1"}