Security Updates on Vulnerabilities

Elevation of Privilege

This document will explain you about the vulnerability reported by NCC Group Security Advisory which allows,

  1. Unauthenticated users to execute queries (Query type restriction by-pass) on Desktop Central Server.
  2. Users to execute any web executable throughout the network using directory traversal or file type restriction by-pass.
Vulnerabilities Fix Released on
CVE-2018-5337, CVE-2018-5338, CVE-2018-5341 27-March-2018

 

What was the Problem?

  1. Unauthenticated users were able to execute queries on Desktop Central Server.
  2. Desktop Central users can execute any web executable throughout the network computers.

How do I fix it?

This has been identified and fixed on 27-March-2018. To apply this fix, follow the below steps:

  1. Log in to your Desktop Central console, click on your current build number on the top right corner.
  2. You can find the latest build applicable to you. Download the PPM and update.
  3.  

    Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.