Vulnerability CVE-2015-1497


Published: 2015-02-16

Description:
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.

See advisories in our WLB2 database:
Topic
Author
Date
High
HP Client Automation Command Injection
Juan vazquez
24.02.2015
High
HP Client - Automation Command Injection
SlidingWindow
11.10.2016

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

Vendor: Persistent systems
Product: Radia client automation 
Version:
9.1
9.0
8.1
7.9

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://packetstormsecurity.com/files/130459/HP-Client-Automation-Command-Injection.html
http://www.exploit-db.com/exploits/36169
http://www.exploit-db.com/exploits/36206
http://www.securityfocus.com/bid/72612
http://www.zerodayinitiative.com/advisories/ZDI-15-038/
https://support.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features
https://www.exploit-db.com/exploits/40491/

Copyright 2019, cxsecurity.com

 

Back to Top