Lucene search

[email protected]CVE-2007-5328

HistoryOct 13, 2007 - 12:17 a.m.

CVE-2007-5328

2007-10-1300:17:00

CWE-264

[email protected]

web.nvd.nist.gov

ca brightstor

arcserve

backup

message engine rpc

code execution

privilege escalation

security vulnerability

cve-2007-5328

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.962 High

EPSS

Percentile

99.5%

JSON

The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain “insecure method calls” to modify the file system and registry, aka “Privileged function exposure.”

CPENameOperatorVersion
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq10.5
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11.5
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11.1
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq9.01
broadcom:brightstor_enterprise_backupbroadcom brightstor enterprise backupeq10.5

CPE	Name	Operator	Version
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	10.5
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11.5
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11.1
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	9.01
broadcom:brightstor_enterprise_backup	broadcom brightstor enterprise backup	eq	10.5

References

secunia.com/advisories/27192

supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

www.securityfocus.com/archive/1/482121/100/0/threaded

www.securityfocus.com/archive/1/484229/100/0/threaded

www.securityfocus.com/bid/26015

www.securitytracker.com/id?1018805

www.vupen.com/english/advisories/2007/3470

www.zerodayinitiative.com/advisories/ZDI-07-069.html

exchange.xforce.ibmcloud.com/vulnerabilities/37067

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.962 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2007-5328

prion1 securityvulns6 checkpoint_advisories1 zdi1 nessus1