Core Security Technologies Advisory - A security vulnerability exists in LANDesk Management Suite: a cross-site request forgery which allows an external remote malicious user to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.