HP Mercury LoadRunner Agent Remote Command Execution

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

It is possible to execute arbitrary commands on the remote system.

Description :

The version of the LoadRunner Agent installed on the remote host allows
an unauthorized attacker to execute arbitrary commands on the remote
system provided 'Secure Channel' is disabled (which is disabled by
default).

See also :

https://www.tenable.com/security/research/tra-2010-01
http://www.zerodayinitiative.com/advisories/ZDI-10-080/
http://www.nessus.org/u?b43bd418
http://seclists.org/bugtraq/2010/May/33

Solution :

Upgrade to HP LoadRunner v9.50, and refer to the documentation to
enable 'Secure Channel' communication.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 46255 (loadrunner_agent_remote_command_execution.nasl)

Bugtraq ID: 39965

CVE ID: CVE-2010-1549

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now