Security Updates on Vulnerabilities

Elevation of Privelege

This document will explain you about the vulnerability reported by NCC Group Security Advisory which allows,

  1. Unauthenticated users to execute queries (Query type restriction by-pass) on Desktop Central MSP Server.
  2. Users to execute any web executable throughout the network using directory traversal or file type restriction by-pass.
Vulnerabilities Update Released Build
CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5340, CVE-2018-5341 10.0.183


What was the Problem?

  1. Unauthenticated users were able execute queries on Desktop Central MSP Server.
  2. Desktop Central MSP users can execute any web executables as scripts throughout the network computers.

How do I fix it?

This has been identified and fixed, in the Desktop Central MSP build # 10.0.183 . Upgrade to the latest build for these issues to be fixed.


Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.


Remote Desktop & Mobile Device Management Software for MSPs trusted by