Insecure File Handling in ARCServeIT Client Agent 6.62

Insecure File Handling in ARCServeIT Client Agent 6.62

CVE-2000-0781 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.

Learn more about our User Device Pen Test.