
How to remediate – Ericom AccessNow Server Detection

1. Introduction

The remote host is running Ericom AccessNow Server, a web-based remote access client. This product allows users to connect to servers, desktops, or virtual machines via a web browser. A successful exploit could allow an attacker to gain unauthorized access to the server and any resources it can reach. This poses a risk to confidentiality, integrity, and availability of affected systems.

2. Technical Explanation

Ericom AccessNow provides a web-based interface for remote access. The vulnerability lies in the presence of the product itself on the network, which is detectable through various means like banner grabbing or identifying specific ports and services. An attacker could identify systems running Ericom AccessNow and then attempt to exploit known vulnerabilities within the product or target users with phishing attacks tailored to this platform. There are no publicly available CVEs associated with simply detecting the presence of the software; however, it indicates a potential attack surface.

  • Root cause: The remote access client is installed and running on the host.
  • Exploit mechanism: An attacker identifies the server and attempts to exploit known vulnerabilities in AccessNow or uses this information for targeted attacks.
  • Scope: Systems running Ericom AccessNow Server product are affected.

3. Detection and Assessment

You can confirm whether a system is vulnerable by checking for the presence of the software. A quick check involves looking at running processes, while a thorough method includes examining installed applications and network services.

  • Quick checks: Use the command `ps -ef | grep -i '[a]ccessnow'` to list any AccessNow-related processes. The bracket keeps grep from matching its own command line, and `-i` makes the match case-insensitive.
  • Scanning: Nessus plugin 136789 can detect Ericom AccessNow installations, but results should be verified manually.
  • Logs and evidence: Check for AccessNow-related entries in system logs or application logs.
ps -ef | grep -i '[a]ccessnow'

4. Solution / Remediation Steps

The following steps outline how to remediate the detection of Ericom AccessNow Server. These steps focus on removing the software if it is not required, or ensuring it’s updated and secured if needed.

4.1 Preparation

4.2 Implementation

  1. Step 1: Stop the Ericom AccessNow service using the appropriate operating system command (e.g., `systemctl stop accessnow` on Linux, or via Services in Windows).
  2. Step 2: Uninstall the Ericom AccessNow software through the Control Panel (Windows) or package manager (Linux).
  3. Step 3: Verify that all related files and directories have been removed.

4.3 Config or Code Example

There is no specific configuration change to demonstrate, as this involves removing the software.

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent issues related to remote access clients like Ericom AccessNow. Least privilege limits the impact of a successful exploit. Regular patch cadence ensures that known vulnerabilities are addressed promptly. Input validation prevents malicious data from being processed.

  • Practice 1: Implement least privilege principles, granting users only the necessary permissions.
  • Practice 2: Maintain a regular patch cadence for all software, including remote access clients.

4.5 Automation (Optional)

Automation scripts can be used to detect and uninstall Ericom AccessNow across multiple systems. Use caution when running automated removal scripts in production environments.

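# Example PowerShell detection (Windows). Reads the Uninstall registry keys rather than
# Win32_Product, because querying Win32_Product triggers an MSI consistency check on every installed package.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*Ericom AccessNow*" }

# Example Linux command to check whether the package is installed (Debian-family hosts).
dpkg -l | grep -i accessnow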

5. Verification / Validation

Confirm that the fix worked by verifying that Ericom AccessNow is no longer running on the system. Re-run the earlier detection methods and ensure they return no results. Perform a simple service smoke test to confirm other services are still functioning.

  • Post-fix check: Run `ps -ef | grep -i '[a]ccessnow'` and verify that no processes related to AccessNow are listed. The bracket keeps grep from listing its own command line as a match.
  • Re-test: Re-run the scanning methods from step 3, which should now report no vulnerabilities.
  • Smoke test: Verify that other essential services on the system are still functioning as expected (e.g., SSH access, web server availability).
ps -ef | grep -i '[a]ccessnow'
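
The post-fix check from this section and the detection step from 4.5, combined into one script whose exit code an automation job can collect. This is an added example, not part of the original article or any Ericom tooling; it assumes a Debian-family host and the same "accessnow" name match the page's commands use, and the function names and sample data are constructed for illustration.

```sh
# Added example: verify AccessNow removal on a Debian-family host.
# Assumption (same as the page's commands): process and package names
# contain "accessnow". Function names here are illustrative.
PATTERN='accessnow'

# Read `ps -ef` text on stdin; print rows whose CMD column (field 8 on)
# matches, case-insensitively. Matching CMD only avoids hits on user
# names; the pattern travels via the environment, so awk never matches itself.
match_procs() {
  PAT="$PATTERN" awk 'NR == 1 && $1 == "UID" { next }
    { cmd = ""; for (i = 8; i <= NF; i++) cmd = cmd " " $i
      if (index(tolower(cmd), ENVIRON["PAT"])) print }'
}

# Read `dpkg -l` text on stdin. Second status letter: n = not installed,
# c = removed but config files remain (still listed by `dpkg -l | grep`).
classify_pkgs() {
  PAT="$PATTERN" awk 'index(tolower($2), ENVIRON["PAT"]) {
    s = substr($1, 2, 1)
    if (s == "c") print "RESIDUAL", $2
    else if (s != "n") print "INSTALLED", $2 }'
}

# $1 = ps -ef text, $2 = dpkg -l text. Prints one status line; returns
# 0 = clean, 1 = still present, 2 = only config files remain.
verify_removed() {
  procs=$(printf '%s\n' "$1" | match_procs)
  pkgs=$(printf '%s\n' "$2" | classify_pkgs)
  case "$pkgs" in *INSTALLED*) present=1 ;; *) present=0 ;; esac
  if [ -n "$procs" ] || [ "$present" -eq 1 ]; then
    echo "FAIL: AccessNow still present"; return 1
  elif [ -n "$pkgs" ]; then
    echo "WARN: package removed, config files remain"; return 2
  fi
  echo "OK: no AccessNow process or package found"
}

# Constructed sample input (not from a real host).
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
accessnow  812     1  0 09:01 ?        00:00:00 /usr/sbin/sshd -D
root       977     1  0 09:02 ?        00:00:03 /opt/example/AccessNow/server --daemon'
SAMPLE_DPKG='ii  openssh-server    1:9.2p1  amd64  constructed row
rc  accessnow-server  1.0      amd64  constructed row'

# Live use: sh verify.sh --live   (exit code can feed fleet tooling)
if [ "${1:-}" = "--live" ]; then
  verify_removed "$(ps -ef)" "$(dpkg -l 2>/dev/null)"; exit $?
fi
verify_removed "$SAMPLE_PS" "$SAMPLE_DPKG" || true
```

A return code of 2 maps to step 3 of the implementation: the package is gone but its configuration files are still on disk.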

6. Preventive Measures and Monitoring

  • Baselines: Update system security baselines to prevent the installation of unapproved remote access clients.
  • Pipelines: Add checks in your CI/CD pipeline to scan for known vulnerabilities in software packages.
  • Asset and patch process: Implement a regular asset inventory and patch management process.

7. Risks, Side Effects, and Roll Back

  • Risk or side effect 1: Disruption of remote access services. Mitigation: Communicate with users and provide alternative solutions.
  • Roll back: Restore the system from the pre-change snapshot.

8. References and Resources

The following resources provide information about Ericom AccessNow and related security considerations.

Updated on December 27, 2025
