CVE-2014-0607

Attachmate Verastream Process Designer Process Server Remote Code Execution Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

Vulnerabilidad de subida de ficheros sin restricciones en Attachmate Verastream Process Designer (VPD) anterior a R6 SP1 Hotfix 1 permite a atacantes remotos ejecutar código arbitrario mediante la subida y el lanzamiento de un fichero ejecutable.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Verastream Process Designer. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the 'DeploymentService' Axis web service. This web service is not protected by authentication requirements and suffers from a directory traversal vulnerability. By sending a specially crafted SOAP request, it is possible to upload files into the web server's root directory. A remote attacker can abuse this to execute remote code under the context of SYSTEM.

*Credits: Andrea Micalizzi (rgod)

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-12-28 CVE Reserved
2014-07-24 CVE Published
2023-11-28 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.attachmate.com/techdocs/2700.html	2014-07-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Attachmate Search vendor "Attachmate"		Verastream Process Designer Search vendor "Attachmate" for product "Verastream Process Designer"				<= 6.0 Search vendor "Attachmate" for product "Verastream Process Designer" and version " <= 6.0"		sp1		Affected
Attachmate Search vendor "Attachmate"		Verastream Process Designer Search vendor "Attachmate" for product "Verastream Process Designer"				6.0 Search vendor "Attachmate" for product "Verastream Process Designer" and version "6.0"		-		Affected