CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.975 High
Percentile: 100.0%
Added: 01/26/2011
CVE: CVE-2010-0219
BID: 45625
OSVDB: 70233
CA ARCserve D2D is a disk-based backup solution.
CA ARCserve D2D deploys Axis2 with default credentials, which can be used to gain unauthorized access to the web application server. By then uploading a specially crafted Axis2 service, an attacker could execute arbitrary commands on the system.
Change the password for the admin account in the axis2.xml file, which is found in the \Program Files\CA\ARCserve D2D\TOMCAT\webapps\WebServiceImpl\WEB-INF\conf folder.
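To confirm the change took effect, the following added example (not part of the original advisory or of CA's tooling) parses an axis2.xml file and reports whether the admin account still uses a weak or shipped password. It assumes the standard Axis2 layout in which userName and password are top-level parameter elements; the sample XML, the placeholder password, the function names and the min_length threshold are constructed for illustration, and the auditor supplies the known shipped passwords.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the relevant part of an axis2.xml file (not taken from
# a real installation). The password value is a placeholder.
SAMPLE_AXIS2_XML = """<axisconfig name="AxisJava2.0">
    <parameter name="hotdeployment">true</parameter>
    <parameter name="userName">admin</parameter>
    <parameter name="password">SHIPPED-DEFAULT-PLACEHOLDER</parameter>
</axisconfig>"""


def audit_axis2_admin(xml_data, known_defaults, min_length=12):
    """Return a list of findings for the Axis2 admin account parameters.

    xml_data: axis2.xml content as str or bytes.
    known_defaults: passwords the auditor knows ship with the product.
    min_length: hypothetical local policy threshold, not an Axis2 setting.
    """
    root = ET.fromstring(xml_data)
    # Only direct children of the root are read; nested <parameter> elements
    # belong to transports and modules, not to the admin login.
    params = {p.get("name"): (p.text or "").strip()
              for p in root.findall("parameter")}
    user = params.get("userName")
    password = params.get("password")
    if user is None or password is None:
        return ["admin userName/password parameter missing"]
    findings = []
    if password == "":
        findings.append("admin password is empty")
    elif password in known_defaults:
        findings.append("admin password is a known shipped default")
    elif password.lower() == user.lower():
        findings.append("admin password equals the user name")
    elif len(password) < min_length:
        findings.append(f"admin password shorter than {min_length} characters")
    return findings


def audit_file(path, known_defaults):
    """Audit an axis2.xml on disk, such as the one in the WEB-INF\\conf folder."""
    with open(path, "rb") as fh:  # bytes let the parser honour the XML encoding
        return audit_axis2_admin(fh.read(), known_defaults)


if __name__ == "__main__":
    for finding in audit_axis2_admin(SAMPLE_AXIS2_XML,
                                     {"SHIPPED-DEFAULT-PLACEHOLDER"}):
        print("FINDING:", finding)
```

An empty result means none of the checks fired; restart the Tomcat service after editing the file so the running web application picks up the new value.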
<http://www.securityfocus.com/archive/1/515494>
Exploit works on CA ARCserve D2D r15.
There may be a delay before the exploit succeeds.
Windows