JVN#26734798: FFRI AMC vulnerable to OS command injection

FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure χ.
FFRI AMC contains an OS command injection vulnerability (CWE-78).
It is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style.

Impact

When an attacker pretends to be a yarai client and sends crafted request, an arbitrary OS command may be executed on the victim FFRI AMC.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The following versions are provided to address the vulnerability:

• FFRI Security, Inc.
  • FFRI AMC version 3.6.1
• NEC Corporation
  • FFRI AMC for ActSecure χ version 3.6.1
• Sky Co., Ltd.
  • EDR Plus Pack (Bundled FFRI AMC version 3.6.1)

Products Affected

• FFRI AMC versions 3.4.0 to 3.5.3
  The developer states that the following OEM products of FFRI AMC are affected, too.
• NEC Corporation
  • FFRI AMC for ActSecure χ versions 3.4.0 to 3.5.3
• Sky Co., Ltd.
  • EDR Plus Pack (Bundled FFRI AMC versions 3.4.0 to 3.5.3)
    FFRI yarai cloud, FFRI yarai, and FFRI yarai Home and Business Edition are not affected by this vulnerability.
    In addition, FFRI yarai OEM products other than those listed above are also not affected by this vulnerability.