Elevation of Privelege
This document will explain you about the vulnerability reported by NCC Group Security Advisory which allows,
- Unauthenticated users to execute queries (Query type restriction by-pass) on Desktop Central MSP Server.
- Users to execute any web executable throughout the network using directory traversal or file type restriction by-pass.
||Update Released Build
|CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5340, CVE-2018-5341
What was the Problem?
- Unauthenticated users were able execute queries on Desktop Central MSP Server.
- Desktop Central MSP users can execute any web executables as scripts throughout the network computers.
How do I fix it?
This has been identified and fixed, in the Desktop Central MSP build # 10.0.183 . Upgrade to the latest build for these issues to be fixed.
Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.