NetSupport Manager Client Spoofing Remote Authentication Bypass

critical Nessus Plugin ID 26071

Synopsis

The remote Windows host has a program that is prone to an authentication bypass attack.

Description

NetSupport Manager (NSM), a multi-platform remote control application, is installed on the remote host.

According to its version, the NetSupport Manager client component on the remote host does not properly handle authentication sessions. A remote attacker may be able to leverage this issue to pose as the NetSupport Manager, associate to the NSM client, and gain complete control of the affected system.

Solution

Upgrade to NetSupport Manager version 10.20.0004 or later.

See Also

https://www.securityfocus.com/archive/1/480240/30/0/threaded

http://www.netsupportsoftware.com/support/td.asp?td=543

Plugin Details

Severity: Critical

ID: 26071

File Name: nsm_client_auth_bypass.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 9/24/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5057

BID: 25761

CWE: 287