hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-06-19T20:00:00Z

Updated: 2024-09-17T02:31:30.157Z

Reserved: 2009-02-22T00:00:00Z

Link: CVE-2009-0695

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-06-19T20:55:02.630

Modified: 2024-11-21T01:00:42.390

Link: CVE-2009-0695

cve-icon Redhat

No data.