Main Vulnerability Database Exploits ID:4318 - Exploit for Improper Authentication in pcAnywhere - CVE-2011-3478

ID:4318 - Exploit for Improper Authentication in pcAnywhere - CVE-2011-3478

Published: August 11, 2020

Vulnerability identifier: #VU44363

Vulnerability risk: High

CVE-ID: CVE-2011-3478

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
pcAnywhere

Link to public exploit:

https://www.exploit-db.com/exploits/38599/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

Remediation

Install update from vendor's website.

ID:4318 - Exploit for Improper Authentication in pcAnywhere - CVE-2011-3478

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human