Lucene search
RgodZDI-17-812HistorySep 28, 2017 - 12:00 a.m.
(0Day) EMC Data Protection Advisor ScheduledReportResource Command Injection Remote Code Execution Vulnerability
2017-09-2800:00:00
rgod
www.zerodayinitiative.com
19
0.044 Low
EPSS
Percentile
92.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM.
Related
openvas
openvas
EMC Data Protection Advisor Multiple Vulnerabilities (Jul 2017)
2017-07-11 00:00:00
zdt
zdt
EMC Data Protection Advisor SQL Injection / Path Traversal Vulnerabilities
2017-07-08 00:00:00
EMC Data Protection Advisor Hardcoded Password Vulnerability
2017-09-17 00:00:00
nessus
nessus
EMC Data Protection Advisor < 6.4 Multiple Vulnerabilities
2017-07-13 00:00:00
EMC Data Protection Advisor < 6.4.130 Hardcoded Password Vulnerability
2017-09-21 00:00:00
cvelist
cvelist
nvd
nvd
prion
prion
Design/Logic Flaw
2017-10-19 19:29:00
Path traversal
2017-07-09 20:29:00
Hardcoded credentials
2018-03-16 20:29:00
cve
cve
zdi
zdi
checkpoint_advisories
checkpoint_advisories