Detections
Analytics

Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution

high Nessus Plugin ID 10818

Synopsis

The remote web server is affected by a remote command execution vulnerability.

Description

Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.

Solution

Either disable HTTP access in Alchemy Eye, or require authentication for Alchemy Eye. Both of these can be set in the Alchemy Eye preferences.

See Also

http://www.rapid7.com/security-center/advisories/R7-0001.jsp

Plugin Details

Severity: High

ID: 10818

File Name: alchemy_eye_http.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 12/3/2001

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/alchemy

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/29/2001

Reference Information

CVE: CVE-2001-0871

BID: 3599