A new Zero-Day vulnerability disclosed few days ago (CVE-2012-4933), applies to “Novell” web console product

By Nofar Gueta | October 16, 2012

A recent published research by Metasploit project exposes a new exploit (CVE-2012-4933) based on a vulnerability applies to a product of the American-based company Novell (ZENworks  Asset management 7.5, web Console).

This vulnerability allows the attacker to access any file with SYSTEM privileges and configure the system parameters.

According to US-CERT warning regarding this threat, currently there is no practical solution to this problem.

Cyvera TRAPS successfully prevents any exploitation of this vulnerability even with the absence of appropriate security update.