Altec DocLink service exposes sensitive data and allows unauthorized access

Summary

An outdated version of Altec DocLink has a security flaw that makes it possible for attackers to access sensitive data and potentially execute malicious code on the server. This is because the service does not require authentication and allows attackers to read, write, and overwrite files on the system. To protect your system, update to the latest version of Altec DocLink or consider disabling the service if it's not necessary for your operations.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
beyond	altec_doclink	4.0.336.0	–

Original title

Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServe...

Original description

Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling, allowing remote attackers to read arbitrary files from the underlying system by specifying local file paths. Additionally, attackers can coerce SMB authentication via UNC paths and write arbitrary files to server locations. Because writable paths may be web-accessible under IIS, this can result in unauthenticated remote code execution or denial of service through file overwrite.

nvd CVSS3.1 9.8

nvd CVSS4.0 10.0

Vulnerability type

CWE-502 Deserialization of Untrusted Data

CWE-918 Server-Side Request Forgery (SSRF)

https://doclinkai.com/ Product
https://www.vulncheck.com/advisories/doclink-net-remoting-unauthenticated-arbitr... Third Party Advisory VDB Entry