Lucene search

[email protected]CVE-2008-5420

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-5420

2008-12-1014:00:01

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-5420

san manager

master agent service

emc control center

remote attackers

file read vulnerability

security vulnerability

6.7 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.036 Low

EPSS

Percentile

91.7%

JSON

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

Affected configurations

NVD

Node

emccontrol_centerRange≤6.0

emccontrol_centerMatch5.2sp5

CPENameOperatorVersion
emc:control_centeremc control centerle6.0
emc:control_centeremc control centereq5.2

CPE	Name	Operator	Version
emc:control_center	emc control center	le	6.0
emc:control_center	emc control center	eq	5.2

References

osvdb.org/50032

secunia.com/advisories/32801

securityreason.com/securityalert/4709

www.securityfocus.com/archive/1/498556/100/0/threaded

www.securityfocus.com/bid/32392

www.securitytracker.com/id?1021263

www.vupen.com/english/advisories/2008/3220

www.zerodayinitiative.com/advisories/ZDI-08-076/

exchange.xforce.ibmcloud.com/vulnerabilities/46753

6.7 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2008-5420

zdi1 prion1 cvelist1 nvd1