CERTVU:581276EMC AutoStart is vulnerable to remote code execution via specially crafted packets
0.943 High
EPSS
Percentile
99.2%
Overview
EMC AutoStart, version 5.5.0 and earlier, is vulnerable to remote command execution via specially crafted packets.
Description
EMC AutoStart is an enterprise software application developed to help networks and service maintain a high level of availability. AutoStart can manage clusters of applications or nodes as well as single instances.
Affected versions of EMC AutoStart fail to communicate securely between nodes, leading to the possibility of packet injection. Remote code execution with SYSTEM or root privileges is possible for attackers with knowledge of the AutoStart domain name. By sending crafted packets to theftagentrunning on the remote system, it is possible to run commands to write and execute data to an absolute or relative file path on the remote system.
Impact
A remote, unauthenticated user may be able to execute arbitrary commands with SYSTEM or root privileges.
Solution
Apply an update
EMC has released update 5.5.0.508 (HF4) to address this vulnerability. Please contact EMC Technical Support to request the hot fix (reference hotfix 1073, service alert 1078). Affected users should update to the latest version as soon as possible.
Use a firewall to limit access
System administrators can set the system firewall to limit TCP port 8045 access to known good systems that run the EMC AutoStart controller application.
Vendor Information
581276
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
EMC Corporation __ Affected
Notified: September 08, 2014 Updated: April 28, 2015
Statement Date: April 28, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
EMC AutoStart versions 5.5.0 and earlier are affected.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23581276 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 8.4 | E:F/RL:W/RC:C |
| Environmental | 6.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
<http://www.emc.com/storage/autostart.htm>
Acknowledgements
Thanks to the reporter who wishes to remain anonymous.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2015-0538 |
|---|---|
| Date Public: | 2015-04-30 Date First Published: |
References
Related
