9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.154 Low
EPSS
Percentile
95.3%
Added: 02/01/2013
CVE: CVE-2013-0928
BID: 57472
OSVDB: 89436
EMC AlphaStor is a media lifecycle and tape library management product for enterprise environments.
EMC AlphaStor versions prior to 4.0 Build 800 are vulnerable to remote command injection. The AlphaStor Device Manager (rrobotd.exe
) contains a flaw which could be exploited to inject arbitrary commands via the DCP run command.
Upgrade to version 4.0 build 800 or later.
<http://secunia.com/advisories/51930/>
This exploit was tested against EMC AlphaStor 4.0 build 114 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Windows