Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:9E43F4058489D83CC8BE67D9B86D242E
HistoryFeb 25, 2015 - 12:00 a.m.

Radia Client Automation radexecd.exe command injection

2015-02-2500:00:00
SAINT Corporation
download.saintcorporation.com
70

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.2%

JSON

Added: 02/25/2015
CVE: CVE-2015-1497
BID: 72612
OSVDB: 118382

Background

Radia Client Automation is an endpoint management solution.

Problem

The **radexecd.exe** daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands.

Resolution

Use the workarounds described in the Accelerite announcement.

References

<http://www.zerodayinitiative.com/advisories/ZDI-15-038/&gt;

Limitations

Exploit works on Radia Client Automation 9.00 on CentOS 5.

Platforms

Linux

Related

zdt 3
checkpoint_advisories 2
packetstorm 2
saint 3
exploitpack 2
zdi 1
prion 1
nessus 1
cve 1
exploitdb 2
ics 1
zdt
zdt
HP Client - Automation Command Injection / Remote Code Execution
2016-10-10 00:00:00
Persistent Systems Client Automation Command Injection RCE Exploit
2015-02-28 00:00:00
HP Client Automation Command Injection Exploit
2015-02-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)
2015-03-26 00:00:00
Persistent Systems Radia Client Automation Command Execution (CVE-2015-1497)
2015-03-08 00:00:00
packetstorm
packetstorm
HP Client Automation 7.9 Command Injection
2016-10-10 00:00:00
HP Client Automation Command Injection
2015-02-24 00:00:00
saint
saint
Radia Client Automation radexecd.exe command injection
2015-02-25 00:00:00
Radia Client Automation radexecd.exe command injection
2015-02-25 00:00:00
Radia Client Automation radexecd.exe command injection
2015-02-25 00:00:00
exploitpack
exploitpack
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
2015-02-27 00:00:00
HP Client 9.19.08.17.9 - Command Injection
2016-10-10 00:00:00
zdi
zdi
(0Day) Persistent Systems Client Automation Command Injection Remote Code Execution Vulnerability
2015-02-10 00:00:00
prion
prion
Command injection
2015-02-16 15:59:00
nessus
nessus
Persistent Systems Radia Client Automation Agent Command Injection
2015-10-19 00:00:00
cve
cve
CVE-2015-1497
2015-02-16 15:59:00
exploitdb
exploitdb
HP Client 9.1/9.0/8.1/7.9 - Command Injection
2016-10-10 00:00:00
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
2015-02-27 00:00:00
ics
ics
Siemens Molecular Imaging Vulnerabilities
2017-08-09 12:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.2%

JSON
Related for SAINT:9E43F4058489D83CC8BE67D9B86D242E
zdt3checkpoint_advisories2packetstorm2saint3exploitpack2zdi1prion1nessus1cve1exploitdb2ics1