The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.
CPE | Name | Operator | Version |
---|---|---|---|
network_sentry_appliance | eq | 500.0.0-rx-ns | |
network_sentry_appliance | eq | 500.0.0-x-ns | |
network_sentry_appliance_software | le | 5.3 |