Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1497

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2015-1497
Last Modified 23 Mar 2015 10:02:27
Published 16 Feb 2015 10:59:10
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1497

Summary

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.

Vulnerable Systems

Application

  • Persistent Systems Radia Client Automation 7.9

  • Persistent Systems Radia Client Automation 8.1

  • Persistent Systems Radia Client Automation 9.0

  • Persistent Systems Radia Client Automation 9.1


References

MISC - https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features

MISC - http://www.zerodayinitiative.com/advisories/ZDI-15-038/

MISC - http://packetstormsecurity.com/files/130459/HP-Client-Automation-Command-Injection.html

EXPLOIT-DB - 36169

OSVDB - 118382

EXPLOIT-DB - 36206


Last Updated: 27 May 2016 11:07:57