J-Security Center

Title: eScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability

Severity: CRITICAL

Description:

eScan is a security suite developed by MicroWorld Technologies. It is available for Microsoft Windows.

eScan is prone to a vulnerability that permits an attacker to gain elevated privileges on the affected computers. This issue stems from a design error in the affected application. The vulnerability resides in the MicroWorld Agent service ('MWAGENT.EXE') running on TCP port 2222 by default. The service fails to implement an authentication scheme, permitting an attacker to send arbitrary commands to the affected service.

An attacker can exploit this issue to:

- Disable/enable the eScan Anti-Virus Monitor process through the 'DISMON' and 'ENAMON' commands.
- Disable/enable the 'Restrictive Scanning' configuration setting through the 'SLOMOD' commands.
- Disable/enable the eScan 'File Rights' through the 'ENFRIG' and 'DIFRIG' commands.
- Modify the server status through the 'ENFRIG' and 'DIFRIG' commands.
- Configure the update server through the 'UPDSET' command.
- Access sensitive information through the 'SEND' command.

An attacker with local access to the affected computer can:

- Gain SYSTEM-level privileges by sending a 'SCASYS', 'SCADRV', or 'SCAMEM' command. This would cause the affected application to open a window with SYSTEM-level privileges, allowing the attacker to execute arbitrary commands.

- Uninstall the affected application through the 'UNISOFT' command.

This issue affects eScan 8.0.671.1 and 9.0.714.1; other versions may also be affected.

Affected Products:

  • MicroWorld Technologies eScan 8.0.671.1
  • MicroWorld Technologies eScan 9.0.714.1
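
Exposure check (added example, not part of the original advisory or of any vendor tooling): the Python below audits `netstat -ano` output from a host for an agent listener on TCP port 2222 that is bound to a non-loopback address, and for established peers outside an allowlist. The sample output, the addresses, the PID values and the `audit` and `split_endpoint` names are constructed for illustration.

```python
import ipaddress

AGENT_PORT = 2222  # default MWAGENT.EXE port named in the advisory

# Constructed sample of `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2222           0.0.0.0:0              LISTENING       1840
  TCP    192.0.2.15:2222        192.0.2.10:50311       ESTABLISHED     1840
  TCP    192.0.2.15:2222        198.51.100.77:41822    ESTABLISHED     1840
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.0.2.15:49712       203.0.113.5:2222       ESTABLISHED     3320
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[addr%scope]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    return ipaddress.ip_address(host), int(port)

def audit(netstat_text, allowed_peers=()):
    """Return findings for the agent port: exposed listeners, unexpected peers."""
    allowed = {ipaddress.ip_address(p) for p in allowed_peers}
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank line, or non-TCP row
        _, local, remote, state, pid = fields
        local_ip, local_port = split_endpoint(local)
        if local_port != AGENT_PORT:
            continue  # only the local agent port matters, not outbound use of 2222
        if state == "LISTENING" and not local_ip.is_loopback:
            # Bound to all interfaces or a routable address: reachable remotely.
            findings.append(("exposed-listener", str(local_ip), int(pid)))
        elif state == "ESTABLISHED":
            peer_ip, _ = split_endpoint(remote)
            if not peer_ip.is_loopback and peer_ip not in allowed:
                findings.append(("unexpected-peer", str(peer_ip), int(pid)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, allowed_peers=["192.0.2.10"]):
        print(finding)
```

A clean result covers only network exposure; the local privilege-escalation and uninstall cases described above do not depend on the port being reachable from other hosts.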
