Intrusion Prevention

ReadyDesk.Unrestricted.Arbitrary.File.Upload

Description

This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in ReadyDesk.
The vulnerability is due to an design flaw in the vulnerable application when handling a file upload request without authentication. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via upload an arbitrary file without any authentication.

Affected Products

ReadyDesk version 9.1

Impact

System Compromise: Remote attackers can execute arbitrary command execution under the security context of the root user.

Recommended Actions

From the vendor, apply the upgrade to version 9.2 or above.
http://readydesk.com/news.asp?ID=88

CVE References

CVE-2016-5050