Visionsoft Audit multiple vulnerability detection

The Visionsoft Audit on Demand service may be vulnerable to multiple issues which can be exploited remotely without authentication:

- Heap overflow via LOG command (CVE-2007-4148)
- Multiple arbitrary file overwrites via LOG and SETTINGSFILE command (CVE-2007-4149)
- Denial of service via UNINSTALL command (CVE-2007-4149)

Additionally, the underlying protocol for authentication has been reported as being vulnerable to replay attacks (CVE-2007-4152) and the settings file is typically installed with inappropriate permissions (CVE-2007-4150).

On the following platforms, we recommend you mitigate in the described manner:

- Visionsoft Audit 126.96.36.199

We recommend you mitigate in the following manner:

- Filter inbound traffic to 5957/tcp to only known management hosts
We recommend that Visionsoft are contacted for a patch.
Updated on 2015-03-25
CVE: CVE-2007-4148, CVE-2007-4149, CVE-2007-4150, CVE-2007-4151, CVE-2007-4152
CVSS Base Score: 10.0