Remote Code Execution Vulnerability

This document explains the Remote Code Execution vulnerability that have been reported.

Update Release build : 100356
Update Release Date : 07-March-2020

 

What is the problem?

This vulnerability could allow remote attackers to execute arbitrary code on affected installations of Device Control Plus. Authentication is not required to exploit this vulnerability.

How to fix it?

These vulnerabilities have been identified and fixed. To apply the fix, follow the steps mentioned below:

    1. Log in to your Device Control Plus console, click on your current build number on the top right corner.
    2. You can find the latest build applicable to you. Download the PPM and update.

The hotfix is also available here

 

Keywords: remote code execution, Security Updates, Vulnerabilities and Fixes.