Title: Danware NetOp Remote Control Unauthenticated File Transfer Vulnerability
Severity: CRITICAL
Description:
NetOp is a remote control utility, offering console access via network or serial connections. On NT and Windows 2000 machines, the software runs in the SYSTEM context by default.
The software includes the ability to perform direct file transfers to and from the host machine. By default, no authentication is required to perform this activity, meaning that any user with the freely-downloadable client and network access to the target can perform read/write/create operations to any file on the system, including password and configuration data.
Affected Products:
- Danware Data NetOp 6.0.0
- Danware Data NetOp 6.50.0
References:
- Danware Data: Danware Data Homepage
- NetOp Product Support: Security Statement
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
