JVN#84995847: SKYSEA Client View vulnerable to arbitrary code execution

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC.

Attacks exploiting this vulnerability have been observed in the wild.

Impact

SKYSEA Client View agent program may be manipulated by a remote attacker. As a result, arbitrary code may be executed on the client PC.

Solution

Update the Software
Apply the latest update according to the information provided by the developer.
The developer has released SKYSEA Client View Ver.11.300.08h which contains a fix for this vulnerability.

Apply the Patch
Apply the patch according to the information provided by the developer.
The patch is available from the developer’s support page (registered users only).

Apply a Workaround
The following workaround may mitigate the affects of this vulnerability.

• Restrict access to the SKYSEA Client View agent program

Products Affected

• SKYSEA Client View Ver.11.221.03 and earlier