Remote Code Execution Vulnerabilities

This document will explain you about the vulnerabilities, which allows attackers to execute arbitrary code on the Endpoint Central server. You can find more details on its impact in Endpoint Central, and the steps to be followed to get it fixed.

Vulnerabilities Update Released Build Update Released Date
CVE-2014-5005, CVE-2014-5006,
CVE-2014-5007, CVE-2013-7390
90055 Aug 7th 2014
CVE-2014-9371 90066 Sep 10th 2014
Remote Code Execution on ZohoMeetingAppletInstall.jar 90128 Jan 22nd 2015
Remote Code Execution in
System tools' execution status update
91043 Jul 13th 2015
Remote Code Execution while uploading recorded remote sessions to the server 91093 Oct 24th 2015
CVE-2015-82001 & Remote Code Execution in few servlets 91100 Dec 12th 2015
CVE-2017-11346 Remote Code Execution while uploading help desk videos
100092 May 22nd 2017


What was the Problem?

Attackers were able to remotely execute vulnerable arbitrary codes on Endpoint Central server. This might hinder or harm the data or functioning of Endpoint Central.

How do I fix it?

This has been identified and fixed, in the Endpoint Central build # 100092 . Upgrade to the latest build for these issues to be fixed.

 

Keywords: Remote Code Execution, Security Updates, Vulnerabilities and Fixes, CVE-2014-5005, CVE-2014-5006, CVE-2014-5007, CVE-2013-7390, CVE-2014-9371, ZohoMeetingAppletInstall.jar