search menu icon-carat-right cmu-wordmark

CERT Coordination Center


HP Client Automation and Radia Client Automation is vulnerable to remote code execution

Vulnerability Note VU#966927

Original Release Date: 2015-10-20 | Last Revised: 2017-08-14

Overview

Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution.

Description

According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860:


    "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send a large buffer of data to the agent which will cause a stack buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM."


According to ZDI's advisory for ZDI-15-364, which has been assigned CVE-2015-7861:
    "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send arbitrary commands to the agent. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM."


These vulnerabilities impact the Role-Based Access and Remote Notify features of HP Client Automation.

Since 2013, the HP Client Automation software is now developed by Persistent Systems (and its subsidiary Accelerite) under the name Radia Client Automation.

Impact

An unauthenticated remote attacker may be able to execute arbitrary code with SYSTEM privileges.

Solution

Apply an update

Accelerite previously released a hotfix and advisory for this issue in previous versions of HP Client Automation and Radia Client Automation. Affected users may contact Accelerite for hotfix information.

Persistent has addressed the issues in the latest build of Radia Client Automation version 9.1. Affected users are encouraged to update as soon as possible.

Vendor Information

966927
Expand all

Hewlett-Packard Company

Updated:  October 14, 2015

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Prior to 2013, HP developed the HP Client Automation software. In 2013, HP licensed the software to Persistent Systems, which now sells the software under the name Radia Client Automation. It is currently unclear which versions prior to Radia Client Automation 9.1 are affected by this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Persistent Systems

Updated:  August 14, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://support.accelerite.com/hc/en-us/articles/203659824

Addendum

Prior to 2013, HP developed the HP Client Automation software. In 2013, HP licensed the software to Persistent Systems, which now sells the software under the name Radia Client Automation. It is currently unclear which versions prior to Radia Client Automation 9.1 are affected by this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 7.8 E:POC/RL:OF/RC:C
Environmental 5.9 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-7860, CVE-2015-7861
Date Public: 2015-07-20
Date First Published: 2015-10-20
Date Last Updated: 2017-08-14 09:27 UTC
Document Revision: 32

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.