CERTVU:966927HP Client Automation and Radia Client Automation is vulnerable to remote code execution
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.663 Medium
EPSS
Percentile
97.9%
Overview
Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution.
Description
According to ZDI’s advisory for ZDI-15-363, which has been assigned CVE-2015-7860:
_"_This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send a large buffer of data to the agent which will cause a stack buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM.__"
According to ZDI’s advisory for ZDI-15-364, which has been assigned CVE-2015-7861:
_"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability. _
The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send arbitrary commands to the agent. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM."
These vulnerabilities impact the Role-Based Access and Remote Notify features of HP Client Automation.
Since 2013, the HP Client Automation software is now developed by Persistent Systems (and its subsidiary Accelerite) under the name Radia Client Automation.
Impact
An unauthenticated remote attacker may be able to execute arbitrary code with SYSTEM privileges.
Solution
Apply an update
Accelerite previously released a hotfix and advisory for this issue in previous versions of HP Client Automation and Radia Client Automation. Affected users may contact Accelerite for hotfix information.
Persistent has addressed the issues in the latest build of Radia Client Automation version 9.1. Affected users are encouraged to update as soon as possible.
Vendor Information
966927
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Hewlett-Packard Company __ Affected
Updated: October 14, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
Prior to 2013, HP developed the HP Client Automation software. In 2013, HP licensed the software to Persistent Systems, which now sells the software under the name Radia Client Automation. It is currently unclear which versions prior to Radia Client Automation 9.1 are affected by this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23966927 Feedback>).
Persistent Systems __ Affected
Updated: August 14, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Addendum
Prior to 2013, HP developed the HP Client Automation software. In 2013, HP licensed the software to Persistent Systems, which now sells the software under the name Radia Client Automation. It is currently unclear which versions prior to Radia Client Automation 9.1 are affected by this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23966927 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 7.8 | E:POC/RL:OF/RC:C |
| Environmental | 5.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <https://support.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features>
- <http://www.persistent.com/Persistent-IP/Radia-Client-Automation>
- <https://support.accelerite.com/hc/en-us/articles/203659824>
- <http://www.zerodayinitiative.com/advisories/ZDI-15-363/>
- <http://www.zerodayinitiative.com/advisories/ZDI-15-364/>
Acknowledgements
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2015-7860, CVE-2015-7861 |
|---|---|
| Date Public: | 2015-07-20 Date First Published: |
References
www.persistent.com/Persistent-IP/Radia-Client-Automation
www.zerodayinitiative.com/advisories/ZDI-15-363/
www.zerodayinitiative.com/advisories/ZDI-15-364/
support.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features
support.accelerite.com/hc/en-us/articles/203659824
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.663 Medium
EPSS
Percentile
97.9%