10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.952 High
EPSS
Percentile
99.1%
Added: 05/25/2007
CVE: CVE-2007-2522
BID: 23906
OSVDB: 34585
Multiple CA products include the inoweb Console Server which listens for connections on port 12168/TCP.
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted username to the inoweb service.
Use the product’s automatic content update feature to fix the vulnerability as recommended in the CA Security Notice.
<http://archives.neohapsis.com/archives/bugtraq/2007-05/0175.html>
Exploit works on CA eTrust Integrated Threat Management r8.
Windows