HP Client Automation radexecd.exe Remote Command Execution

Critical Nessus Plugin ID 56166


The HP Client Automation service on the remote port can run commands on the local system without authentication.


The HP Client Automation service on the remote port is affected by a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit the vulnerability.

The flaw exists within the radexecd.exe component. When handling a remote execute request, the process does not properly authenticate the user issuing the request. Utilities are stored in the 'secure' path that could allow an attacker to re-execute an arbitrary executable. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.


See the advisory for a possible solution. Alternatively, block access to the port.

See Also



Plugin Details

Severity: Critical

ID: 56166

File Name: hpca_command_execution.nasl

Version: $Revision: 1.5 $

Type: remote

Agent: windows

Family: Windows

Published: 2011/09/12

Modified: 2015/09/24

Dependencies: 27627, 56165

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:hp:client_automation_enterprise

Required KB Items: Services/radexecd, www/hp_client_automation_satellite

Exploit Available: false

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 2011/03/14

Vulnerability Publication Date: 2011/03/14

Reference Information

CVE: CVE-2011-0889

BID: 46862

OSVDB: 71179