Vulnerability Description
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Landesk | Landesk Management Suite | <= 9.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSR (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/535286/100/1100/threaded
- http://www.securityfocus.com/bid/74190 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1032203 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2014-5362?
CVE-2014-5362 is a vulnerability with a CVSS score of 7.2 (HIGH). The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ...
How severe is CVE-2014-5362?
CVE-2014-5362 has been rated HIGH, with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5362?
Check the references section above for vendor advisories and patch information. Affected products include: Landesk Landesk Management Suite.