Elevation of Privilege
This document will explain you about the vulnerability reported by NCC Group Security Advisory which allows,
- Unauthenticated users to execute queries (Query type restriction by-pass) on Desktop Central Server.
- Users to execute any web executable throughout the network using directory traversal or file type restriction by-pass.
||Fix Released on
|CVE-2018-5337, CVE-2018-5338, CVE-2018-5341
What was the Problem?
- Unauthenticated users were able to execute queries on Desktop Central Server.
- Desktop Central users can execute any web executable throughout the network computers.
How do I fix it?
This has been identified and fixed on 27-March-2018. To apply this fix, follow the below steps:
- Log in to your Desktop Central console, click on your current build number on the top right corner.
- You can find the latest build applicable to you. Download the PPM and update.
Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.