The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-08-03T20:00:00
Updated: 2024-08-07T14:46:39.343Z
Reserved: 2007-08-03T00:00:00
Link: CVE-2007-4149
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-08-03T20:17:00.000
Modified: 2024-11-21T00:34:53.943
Link: CVE-2007-4149
Redhat
No data.