Executive Summary

Summary
Title HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Informations
Name VU#966927 First vendor Publication 2015-10-20
Vendor VU-CERT Last vendor Modification 2015-10-22
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#966927

HP Client Automation and Radia Client Automation is vulnerable to remote code execution

Original Release date: 20 Oct 2015 | Last revised: 22 Oct 2015

Overview

Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution.

Description

According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860:

    "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send a large buffer of data to the agent which will cause a stack buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM."


According to ZDI's advisory for ZDI-15-364, which has been assigned CVE-2015-7861:
    "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send arbitrary commands to the agent. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM."


These vulnerabilities impact the Role-Based Access and Remote Notify features of HP Client Automation.

Since 2013, the HP Client Automation software is now developed by Persistent Systems (and its subsidiary Accelerite) under the name Radia Client Automation.

Impact

An unauthenticated remote attacker may be able to execute arbitrary code with SYSTEM privileges.

Solution

Apply an update

Accelerite previously released a hotfix and advisory for this issue in previous versions of HP Client Automation and Radia Client Automation. Affected users may contact Accelerite for hotfix information.

Persistent has addressed the issues in the latest build of Radia Client Automation version 9.1. Affected users are encouraged to update as soon as possible.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected-14 Oct 2015
Persistent SystemsAffected-14 Oct 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal7.8E:POC/RL:OF/RC:C
Environmental5.9CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://support.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features
  • http://www.persistent.com/Persistent-IP/Radia-Client-Automation
  • https://radiasupport.accelerite.com/hc/en-us/articles/203659824
  • http://www.zerodayinitiative.com/advisories/ZDI-15-363/
  • http://www.zerodayinitiative.com/advisories/ZDI-15-364/

Credit

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-7860CVE-2015-7861
  • Date Public:20 Jul 2015
  • Date First Published:20 Oct 2015
  • Date Last Updated:22 Oct 2015
  • Document Revision:28

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/966927

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-10-22 17:21:27
  • Multiple Updates
2015-10-21 09:27:12
  • Multiple Updates
2015-10-21 00:19:24
  • First insertion