Raynet RayVentory Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A command injection vulnerability has been identified in Raynet RayVentory Scan Engine version 12.6.4392.49 and prior. It allows local attackers to execute arbitrary commands through the application's handling of certain command-line options. The root cause is improper validation of the input used to build the 'find' command query that locates Java executables: because the search path is not validated before it reaches that query, an attacker can craft directory paths that manipulate the application's search logic, leading to the execution of unintended Java code.
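The weakness described above is the familiar pattern of splicing a caller-controlled path into a shell command line. The following is an added example written for this page, not RayVentory's own code; the function names, the allowlisted root '/srv/rvia' and the sample inputs are constructed. It shows the anti-pattern (a string handed to a shell) next to a hardened locator that rejects shell metacharacters, confines the resolved search root to an allowlist so '..' tricks cannot redirect the search, passes arguments as a list rather than a shell string, and ignores any candidate 'java' binary that is writable by someone other than its owner.

```python
import os
import stat
import subprocess
from pathlib import Path

# Characters that let a path break out of a shell-interpolated command line.
_SHELL_METACHARS = set(";|&$`<>(){}\n\r\"'\\*?~")


def unsafe_find_command(search_root: str) -> str:
    """The anti-pattern: an untrusted path is spliced into a shell string.

    Returned only for illustration and never executed here; with
    shell=True this string would let a crafted path append extra commands.
    """
    return f"find {search_root} -name java -type f"


def safe_find_argv(search_root: str, allowed_roots: list[str]) -> list[str]:
    """Validate search_root, then build an argv list for subprocess.

    Two independent checks: reject shell metacharacters outright, and
    resolve the path (normalising '..' and symlinks) before confining it
    to one of the allowlisted directories. Returning a list means the path
    is always a single argument to 'find', never shell syntax.
    """
    if any(ch in _SHELL_METACHARS for ch in search_root):
        raise ValueError(f"rejected path with shell metacharacters: {search_root!r}")
    resolved = Path(search_root).resolve(strict=False)
    roots = [Path(r).resolve(strict=False) for r in allowed_roots]
    if not any(resolved == root or root in resolved.parents for root in roots):
        raise ValueError(f"search root {str(resolved)!r} is outside the allowlist")
    return ["find", str(resolved), "-name", "java", "-type", "f"]


def is_acceptable(search_root: str, allowed_roots: list[str]) -> bool:
    """Boolean wrapper so callers (and tests) can probe validation without try/except."""
    try:
        safe_find_argv(search_root, allowed_roots)
        return True
    except ValueError:
        return False


def _trusted_binary(path: str) -> bool:
    """Refuse candidates that group or others could have replaced."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False
    return not (mode & (stat.S_IWGRP | stat.S_IWOTH))


def locate_java(search_root: str, allowed_roots: list[str]) -> list[str]:
    """Run the validated 'find' and return only candidates that pass the ownership check."""
    argv = safe_find_argv(search_root, allowed_roots)
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return [p for p in result.stdout.splitlines() if p and _trusted_binary(p)]


if __name__ == "__main__":
    allowed = ["/srv/rvia"]                      # constructed allowlist
    for candidate in ["/srv/rvia/jre", "/srv/rvia; id", "/srv/rvia/../../etc"]:
        print(f"{candidate!r:32} accepted={is_acceptable(candidate, allowed)}")
```

The metacharacter check alone is not sufficient: a path that is syntactically clean but points outside the intended tree still lets an attacker steer the search toward a directory holding their own 'java' binary, which is why the allowlist and the writability filter are applied as well.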

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, use the 'getconfig', 'upload', 'inventory', or 'oracle' options with the 'rvia' command-line tool. Inject a command by crafting the input to exploit the improper validation of the 'find' command query. For the 'upload' option, ensure that there are inventory files available to upload. The 'oracle' option may fail if the application cannot locate a Java environment.

Remediation

Users can update to the latest version of Raynet RayVentory to address this vulnerability.

Added: May 28, 2026, 4:07 AM
Updated: May 28, 2026, 4:07 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.0
remediation: 0.0
relevance: 9.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.