CVE ID | CVE-2015-0538 |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
EMC |
AFFECTED PRODUCTS |
AutoStart |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['19713']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
The specific flaw exists within ftAgent.exe which listens on TCP port 8045, when handling numerous opcodes. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. By sending a crafted request to a vulnerable system, a remote attacker can exploit this vulnerability to execute arbitrary code in the context of SYSTEM. |
ADDITIONAL DETAILS |
EMC has issued an update to correct this vulnerability. More details can be found at:
http://seclists.org/bugtraq/2015/May/att-25/ESA-2015-084.txt |
DISCLOSURE TIMELINE |
|
CREDIT | Brian Gorenc of HP's Zero Day Initiative |