Lucene search

Kaspersky LabKLA10147

HistoryMay 03, 2006 - 12:00 a.m.

KLA10147 ACE vulnerabilities in EMC Retrospect

2006-05-0300:00:00

Kaspersky Lab

threats.kaspersky.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Detect date:

05/03/2006

Severity:

High

Description:

Improper privileges and permissions work was found in EMC Retrospect. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited locally by replacing program files or manipulating ‘open file’ dialog.

Affected products:

EMC Retrospect 6.5 versions 6.5.381 and earlier
EMC Retrospect 7.0 versions 7.0.344 and earlier
EMC Retrospect 7.5 versions 7.5.1.105 and earlier

Solution:

Update to latest version

Impacts:

ACE

Related products:

EMC Retrospect

CVE-IDS:

CVE-2006-21547.2High
CVE-2006-21554.6Warning

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2154

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2155

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/EMC-Retrospect/

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for KLA10147