Detections
Analytics

Websense Triton 7.1.x < 7.1.3 / 7.5.x < 7.5.3 / 7.6.0 < 7.6.1 / 7.6.2 < 7.6.3 Remote Command Execution

high Nessus Plugin ID 70119

Language:

Synopsis

The remote web server contains a web application that is affected by a remote command execution vulnerability.

Description

The remote application is running Websense Triton, a commercial suite of web filtering products.

The remote instance of Websense Triton fails to sanitize user-supplied input specifically affecting the 'explorer_wse/ws_irpt.exe' file. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges.

Solution

There are no known workarounds or upgrades to correct this issue.
Websense has released the following Hotfixes to address this vulnerability :

 - Hotfix 109 for version 7.1.0
 - Hotfix 06 for version 7.1.1
 - Hotfix 78 for version 7.5.0
 - Hotfix 12 for version 7.5.1
 - Hotfix 24 for version 7.6.0
 - Hotfix 12 for version 7.6.2

See Also

https://seclists.org/bugtraq/2012/Apr/228

http://www.nessus.org/u?b760104a

http://www.nessus.org/u?835b4d84

http://www.nessus.org/u?5344eced

http://www.nessus.org/u?fd549235

http://www.nessus.org/u?65c28103

http://www.nessus.org/u?433ca77e

http://www.websense.com/content/Home.aspx

Plugin Details

Severity: High

ID: 70119

File Name: websense_remote_cmd_exec.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 9/25/2013

Updated: 6/3/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:websense:websense_web_security

Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 12/15/2011

Vulnerability Publication Date: 12/15/2011

Reference Information

CVE: CVE-2011-5102

BID: 51086

IAVA: 2012-A-0141-S