HP Client Automation radexecd.exe Remote Command Execution

critical Nessus Plugin ID 56166

Synopsis

The HP Client Automation service on the remote port can run commands on the local system without authentication.

Description

The HP Client Automation service on the remote port is affected by a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit the vulnerability.

The flaw exists within the radexecd.exe component. When handling a remote execute request, the process does not properly authenticate the user issuing the request. Utilities are stored in the 'secure' path that could allow an attacker to re-execute an arbitrary executable. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Solution

See the advisory for a possible solution. Alternatively, block access to the port.

See Also

http://www.nessus.org/u?73bff505

https://www.zerodayinitiative.com/advisories/ZDI-11-105/

Plugin Details

Severity: Critical

ID: 56166

File Name: hpca_command_execution.nasl

Version: 1.9

Type: remote

Agent: windows

Family: Windows

Published: 9/12/2011

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:client_automation_enterprise

Required KB Items: Services/radexecd, www/hp_client_automation_satellite

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 3/14/2011

Vulnerability Publication Date: 3/14/2011

Reference Information

CVE: CVE-2011-0889

BID: 46862