Lucene search

MitreCVE-2008-5420

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-5420

2008-12-1014:00:01

CWE-200

mitre

web.nvd.nist.gov

cve-2008-5420

san manager

master agent service

emc control center

remote attackers

file read vulnerability

security vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.036

Percentile

91.7%

JSON

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

Affected configurations

Nvd

Node

emccontrol_centerRange≤6.0

emccontrol_centerMatch5.2sp5

VendorProductVersionCPE
emccontrol_center*cpe:2.3:a:emc:control_center:*:*:*:*:*:*:*:*
emccontrol_center5.2cpe:2.3:a:emc:control_center:5.2:sp5:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	control_center	*	cpe:2.3:a:emc:control_center::::::::
emc	control_center	5.2	cpe:2.3:a:emc:control_center:5.2:sp5::::::

References

osvdb.org/50032

secunia.com/advisories/32801

securityreason.com/securityalert/4709

www.securityfocus.com/archive/1/498556/100/0/threaded

www.securityfocus.com/bid/32392

www.securitytracker.com/id?1021263

www.vupen.com/english/advisories/2008/3220

www.zerodayinitiative.com/advisories/ZDI-08-076/

exchange.xforce.ibmcloud.com/vulnerabilities/46753

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.036

Percentile

91.7%

JSON

Related for CVE-2008-5420