Novell ZENworks Configuration Management < 10 SP3 Multiple Flaws

Critical Nessus Plugin ID 45569


The remote Windows host contains an application that is affected by multiple vulnerabilities.


ZENworks Configuration Management, a configuration management software from Novell, is installed on the remote Windows host.

According to its version, it is affected by several vulnerabilities :

- An unspecified vulnerability in ZCM Preboot Service may allow an attacker to execute arbitrary code on the remote system. (TID 7005572)

- An unspecified vulnerability in ZCM Remote Execution may allow an attacker to execute arbitrary code on the remote system. (TID 7005573)


Upgrade to ZENworks 10 Configuration Management SP3 (10.3) or later.

See Also

Plugin Details

Severity: Critical

ID: 45569

File Name: novell_zcm_10_3.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2010/04/19

Modified: 2016/11/23

Dependencies: 58445

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:zenworks_configuration_management

Required KB Items: SMB/Novell/ZENworks/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/03/30

Vulnerability Publication Date: 2010/03/30

Exploitable With

Metasploit (Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow)

Elliot (Novell ZENworks Configuration Management File Upload)

Reference Information

BID: 39111, 39114, 40486

OSVDB: 63411, 63412, 65361

EDB-ID: 16784, 19931, 19932

Secunia: 39212