Knowledgebase:
Leostream Agent Security Update
Posted by Karen Gondoly, Last modified by Karen Gondoly on 01 November 2018 09:17 AM

Description of Problem

A security vulnerability has been identified in the Leostream Agent component that, if exploited, could potentially allow an attacker to use the Leostream Agent API to modify registry keys on the remote desktops where the Leostream Agent is installed. This vulnerability could be exploited by an attacker with network access to the desktops.

This vulnerability was submitted as a Common Vulnerabilities and Exposures and is recorded as CVE-2018-18817.

Mitigating Factor

In typical deployments, the Leostream Agents are not routable from the Internet.

Resolving the Problem

Customers concerned about this vulnerability should upgrade their Leostream Agents to version 7.0. This version of the Leostream Agent secures communication with the Connection Broker using a public key exchange.

NOTE: Leostream Agent 7.0 is compatible with Connection Broker version 9.0 or Connection Broker version 8.2.73, or later. Earlier versions of the Connection Broker cannot communicate with Leostream Agent 7.0.

(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: