CVE-2007-4149

NONECVSS 0.0

0.0

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.

🔗 References (10)

cve@mitrehttp://osvdb.org/42462
cve@mitrehttp://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt
cve@mitrehttp://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt
cve@mitrehttp://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt
cve@mitrehttp://www.securityfocus.com/bid/25153
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42462
af854a3a-2127-422b-91ae-364da2661108http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt
af854a3a-2127-422b-91ae-364da2661108http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt
af854a3a-2127-422b-91ae-364da2661108http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25153

Is Your Infrastructure Affected by CVE-2007-4149?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4149

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4149?