eIQnetworks Enterprise Security Analyzer Monitoring.exe Multiple Command Overflow
Critical Nessus Plugin ID 22196
Synopsis
The remote host contains an application that is vulnerable to a remote buffer overflow attack.

Description
The version of eIQnetworks Enterprise Security Analyzer, Network Security Analyzer, or one of its OEM versions installed on the remote host contains a buffer overflow in its Monitoring Agent service. Using a long argument to a command, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary code on the affected host with LOCAL SYSTEM privileges.

Solution
Upgrade to Enterprise Security Analyzer 2.1.14 / Network Security Analyzer 4.5.4 / OEM software 4.5.4 or later.