PT-2011-4881 · Tadasoft · Tadasoft Restorepoint

Published

2011-12-13

Updated

2011-12-13

CVE-2011-4201

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tadasoft Restorepoint version 3.2

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the pid1 or pid2 parameter in a stop remote support action. This is related to the remote support.cgi component.

Recommendations For Tadasoft Restorepoint version 3.2, avoid using the pid1 and pid2 parameters in the stop remote support action until the issue is resolved. As a temporary workaround, consider restricting access to the remote support.cgi component to minimize the risk of exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2011-4201

Affected Products

Tadasoft Restorepoint

PT-2011-4881 · Tadasoft · Tadasoft Restorepoint

CVE-2011-4201

Weakness Enumeration

Related Identifiers

Affected Products

References · 2