Threat Encyclopedia

ReadyDesk.Unrestricted.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in ReadyDesk.
The vulnerability is due to an design flaw in the vulnerable application when handling a file upload request without authentication. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via upload an arbitrary file without any authentication.

affected-products-logoAffected Products

ReadyDesk version 9.1

Impact

System Compromise: Remote attackers can execute arbitrary command execution under the security context of the root user.

recomended-action-logoRecommended Actions

From the vendor, apply the upgrade to version 9.2 or above.
http://readydesk.com/news.asp?ID=88

CVE References

CVE-2016-5050