CVE-2019-25326

ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/47674	Exploit Third Party Advisory
https://www.netscantools.com/ippulseinfo.html	Product
https://www.vulncheck.com/advisories/ippulse-enter-key-denial-of-service	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nwpsw:ippulse:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-18 22:16

Updated : 2026-02-24 20:38

NVD link : CVE-2019-25326

Mitre link : CVE-2019-25326

CVE.ORG link : CVE-2019-25326

JSON object : View

Products Affected

nwpsw

ippulse

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

NVD-CWE-noinfo

{"id": "CVE-2019-25326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-18T22:16:18.980", "references": [{"url": "https://www.exploit-db.com/exploits/47674", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.netscantools.com/ippulseinfo.html", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/ippulse-enter-key-denial-of-service", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content."}, {"lang": "es", "value": "ipPulse 1.92 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una entrada de tama\u00f1o excesivo en el campo 'Enter Key'. Los atacantes pueden generar un b\u00fafer de 256 bytes de caracteres 'A' repetidos para provocar un bloqueo de la aplicaci\u00f3n al pegar el contenido malicioso."}], "lastModified": "2026-02-24T20:38:18.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nwpsw:ippulse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "921CC834-C62B-44C5-A2CD-08CEE10034CD", "versionEndIncluding": "1.92"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}