The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-03T20:00:00

Updated: 2024-08-07T14:46:39.343Z

Reserved: 2007-08-03T00:00:00

Link: CVE-2007-4149

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-08-03T20:17:00.000

Modified: 2024-11-21T00:34:53.943

Link: CVE-2007-4149

cve-icon Redhat

No data.