Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiBen TurnerZDI-15-038
HistoryFeb 10, 2015 - 12:00 a.m.

(0Day) Persistent Systems Client Automation Command Injection Remote Code Execution Vulnerability

2015-02-1000:00:00
Ben Turner
www.zerodayinitiative.com
35

EPSS

0.945

Percentile

99.3%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When handling a remote execution request the process does not properly authenticate the user issuing the request. The command to be executed is also not properly sanitized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM. This vulnerability is different than ZDI-11-105.

Related

zdt 3
saint 4
nvd 1
exploitdb 3
exploitpack 2
checkpoint_advisories 2
packetstorm 2
nessus 1
prion 1
metasploit 1
cve 1
cvelist 1
ics 1
zdt
zdt
HP Client - Automation Command Injection / Remote Code Execution
2016-10-10 00:00:00
HP Client Automation Command Injection Exploit
2015-02-26 00:00:00
Persistent Systems Client Automation Command Injection RCE Exploit
2015-02-28 00:00:00
saint
saint
Radia Client Automation radexecd.exe command injection
2015-02-25 00:00:00
Radia Client Automation radexecd.exe command injection
2015-02-25 00:00:00
Radia Client Automation radexecd.exe command injection
2015-02-25 00:00:00
nvd
nvd
CVE-2015-1497
2015-02-16 15:59:10
exploitdb
exploitdb
HP Client 9.1/9.0/8.1/7.9 - Command Injection
2016-10-10 00:00:00
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
2015-02-27 00:00:00
HP Client - Automation Command Injection (Metasploit)
2015-02-24 00:00:00
exploitpack
exploitpack
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
2015-02-27 00:00:00
HP Client 9.19.08.17.9 - Command Injection
2016-10-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)
2015-03-26 00:00:00
Persistent Systems Radia Client Automation Command Execution (CVE-2015-1497)
2015-03-08 00:00:00
packetstorm
packetstorm
HP Client Automation 7.9 Command Injection
2016-10-10 00:00:00
HP Client Automation Command Injection
2015-02-24 00:00:00
nessus
nessus
Persistent Systems Radia Client Automation Agent Command Injection
2015-10-19 00:00:00
prion
prion
Command injection
2015-02-16 15:59:00
metasploit
metasploit
HP Client Automation Command Injection
2015-02-20 06:41:17
cve
cve
CVE-2015-1497
2015-02-16 15:59:10
cvelist
cvelist
CVE-2015-1497
2015-02-16 15:00:00
ics
ics
Siemens Molecular Imaging Vulnerabilities
2017-08-09 12:00:00

EPSS

0.945

Percentile

99.3%

JSON
Related for ZDI-15-038
zdt3saint4nvd1exploitdb3exploitpack2checkpoint_advisories2packetstorm2nessus1prion1metasploit1cve1cvelist1ics1