There is no need for authentication to execute this service because it is running as root. Beckman Coulter Remisol Advance v2.0.12.1 and prior does not restrict access to directories where Normand Viewer Service is accessible, which allows attackers to access sensitive data. Normand Viewer Service has the following default permissions: -rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-xr-x - rwxr-x

Normand Remote Execution Service

A vulnerability in the Normand Remote Execution Service allows unauthorized access to sensitive data.
The vulnerability is caused by an issue in the service's default permissions, which does not restrict access to directories where the service is accessible, allowing attackers to access sensitive information.
There are no authentication requirements for this service because it runs as root.
This flaw affects versions 2.0.12.1 and prior of Beckman Coulter Remisol Advance software.

Timeline

Published on: 10/06/2022 18:15:00 UTC
Last modified on: 10/10/2022 02:58:00 UTC

References