Flexsense DiskBoss Buffer Overflow

HIGH (7.8)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 1%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Flexsense DiskBoss is disk management and backup software used by some organizations for data protection. This buffer overflow vulnerability allows an attacker to execute arbitrary code on the system by manipulating the 'Reports and Data Directory' field, potentially leading to unauthorized access or data tampering.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Flexsense / DiskBoss

How to fix

  1. Upgrade to Flexsense DiskBoss version 7.8 or later from the official website: https://www.flexsens.com/
  2. Immediate mitigations:
     - Restrict access to the 'Reports and Data Directory' field (configure file permissions or use a different directory)
     - Monitor for suspicious activity in the 'Reports and Data Directory'