Supervene RazDC Command Injection Vulnerability



A vulnerability in Supervene RazDC could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on a targeted system.

The vulnerability is due to insufficient validation of user-supplied input that is processed by the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to inject and execute arbitrary commands on the system, which could result in a complete system compromise.

Supervene has not confirmed the vulnerability, and software updates are not available.

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.

Administrators can apply Snort SID 48246 to help prevent attacks that attempt to exploit this vulnerability.

Administrators are advised to monitor critical systems.

Security Impact Rating: High

CVE: CVE-2018-15549

Source: Cisco Multivendor Vulnerability Alerts