Lucene search

[email protected]CVE-2007-2279

HistoryJun 04, 2007 - 4:30 p.m.

CVE-2007-2279

2007-06-0416:30:00

CWE-264

[email protected]

web.nvd.nist.gov

symantec

storage foundation

windows

vulnerability

authentication bypass

arbitrary code execution

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.

CPENameOperatorVersion
symantec:veritas_storage_foundationsymantec veritas storage foundationeq5.0

CPE	Name	Operator	Version
symantec:veritas_storage_foundation	symantec veritas storage foundation	eq	5.0

References

osvdb.org/36104

secunia.com/advisories/25537

seer.entsupport.symantec.com/docs/288627.htm

www.securityfocus.com/archive/1/470562/100/0/threaded

www.securityfocus.com/bid/24194

www.securitytracker.com/id?1018188

www.symantec.com/avcenter/security/Content/2007.06.01.html

www.vupen.com/english/advisories/2007/2035

exchange.xforce.ibmcloud.com/vulnerabilities/34680

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2007-2279

prion2 securityvulns3 nessus1 cve1