Novell ZENworks Control Center File Upload Remote Code Execution

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

An application on the remote host is affected by a remote code
execution vulnerability.

Description :

The installed version of Novell ZENworks Control Center has a flaw
with authentication checking on '/zenworks/jsp/index.jsp' that can
allow a remote, unauthenticated attacker to upload arbitrary files and
execute them with SYSTEM privileges.

See also :

Solution :

Upgrade to ZENworks 11.2.2 and apply the interim fix, or apply 11.2.3a
Monthly Update 1 for 11.2.3 installs.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 65722 ()

Bugtraq ID: 58668

CVE ID: CVE-2013-1080

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now