| CVE ID | |
| CVSS SCORE | 9.0, AV:N/AC:L/Au:S/C:C/I:C/A:C |
| AFFECTED VENDORS |
Novell |
| AFFECTED PRODUCTS |
Zenworks |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required. The specific flaw exists within the storage of Remote Management authentication information on the client. The client utilizes a password stored in the registry that is common among all nodes. This can be exploited by an attacker to execute remote code on any target with the client installed. |
| ADDITIONAL DETAILS |
Novell has issued an update to correct this vulnerability. More details can be found at:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7006557&sliceId=1&docTypeID=DT_TID_1_1&dialogID=80488553&stateId=1%200%2080486291 |
| DISCLOSURE TIMELINE |
|
| CREDIT | sb |
