Symantec pcAnywhere Service Unrestricted Access

Critical Nessus Plugin ID 10798

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9


The remote access service on this port allows unrestricted access.


The pcAnywhere service does not require a password to access the desktop of this system. If this machine is running Windows 95, 98, or ME, gaining full control of the machine is trivial. If this system is running NT or 2000 and is currently logged out, an attacker can still spy on and hijack a legitimate user's session when they login.


1. Open the PC Anywhere application as an Administrator. 2. Right click on the Host object you are using and select Properties.
3. Select the Caller Access tab. 4. Switch the authentication type to Windows or PC Anywhere.
5. If you are using PC Anywhere authentication, set a strong password.

Plugin Details

Severity: Critical

ID: 10798

File Name: DDI_Unprotected_PCanywhere.nasl

Version: Revision: 1.27

Type: remote

Agent: windows

Family: Windows

Published: 2001/11/07

Updated: 2012/08/15

Dependencies: 10794, 17975

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (SNMP Community Scanner)

Reference Information

CVE: CVE-1999-0508