Security Updates on Vulnerabilities

 U

Elevation of Privilege

This document will explain you about the vulnerability reported by NCC Group Security Advisory which allows,

  1. Unauthenticated users to execute queries (Query type restriction by-pass) on Endpoint Central MSP Server.
  2. Users to execute any web executable throughout the network using directory traversal or file type restriction by-pass.
VulnerabilitiesUpdate Released Build
CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5340, CVE-2018-5341 10.0.183

 

What was the Problem?

  1. Unauthenticated users were able execute queries on Endpoint Central MSP Server.
  2. Endpoint Central MSP users can execute any web executables as scripts throughout the network computers.

How do I fix it?

This has been identified and fixed, in the Endpoint Central MSP build # 10.0.183 . Upgrade to the latest build for these issues to be fixed.

 

Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.

 

Remote Desktop & Mobile Device Management Software for MSPs trusted by