Elevation of Privilege
This document will explain you about the vulnerability reported by NCC Group Security Advisory which allows,
- Unauthenticated users to execute queries (Query type restriction by-pass) on Endpoint Central MSP Server.
- Users to execute any web executable throughout the network using directory traversal or file type restriction by-pass.
Vulnerabilities | Update Released Build |
CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5340, CVE-2018-5341 |
10.0.183 |
What was the Problem?
- Unauthenticated users were able execute queries on Endpoint Central MSP Server.
- Endpoint Central MSP users can execute any web executables as scripts throughout the network computers.
How do I fix it?
This has been identified and fixed, in the Endpoint Central MSP build # 10.0.183 . Upgrade to the latest build for these issues to be fixed.
Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.