Environment
NetIQ Security Manager
Situation
An attacker might execute arbitrary code on a system where Security Manager is installed by using a vulnerable method, which can result in directory traversal. This vulnerability requires user interaction.
For more details see the following URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0602
Resolution
Starting with Security Manager 6.5.4 Hotfix 20120606, Security Manager no longer uses the vulnerable method. Therefore, Security Manager is no longer vulnerable to remote code execution.
Cause
Security Manager prior to 6.5.4 Hotfix 20140606 used the NQMcsVarSet ActiveX Control.
Additional Information
CVE-2014-0602 reported by NetIQ