HP Client Automation radexecd.exe Remote Command Execution

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The HP Client Automation service on the remote port can run commands
on the local system without authentication.

Description :

The HP Client Automation service on the remote port is affected by a
command execution vulnerability. The vulnerability allows remote
attackers to execute arbitrary code on vulnerable installations of HP
Client Automation. Authentication is not required to exploit the
vulnerability.

The flaw exists within the radexecd.exe component. When handling a
remote execute request, the process does not properly authenticate the
user issuing the request. The 'secure' path contains utilities that
could allow an attacker to re-execute an arbitrary executable. A
remote attacker can exploit this vulnerability to execute arbitrary
code under the context of the SYSTEM user.

See also :

http://www.nessus.org/u?bd4f4171
http://www.zerodayinitiative.com/advisories/ZDI-11-105/

Solution :

See the advisory for a possible solution. Alternatively, block access to the port.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 56166

Bugtraq ID: 46862

CVE ID: CVE-2011-0889
