CVSS: 10.0EPSS: 93%CPEs: 1EXPL: 0CVE-2015-0538 – EMC AutoStart ftAgent Multiple Opcode SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0538
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. ftagent.exe en EMC AutoStart 5.4.x y 5.5.x anterior a 5.5.0.508 HF4 permite a atacantes remotos ejecutar comandos arbitrarios a través de paquetes manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within ftAgent.exe which listens on TCP port 8045, when handling numerous opcodes. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. By sending a crafted request to a vulnerable system, a remote attacker can exploit this vulnerability to execute arbitrary code in the context of SYSTEM. • http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html http://seclists.org/bugtraq/2015/May/25 http://www.kb.cert.org/vuls/id/581276 http://www.securitytracker.com/id/1032237 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 91%CPEs: 7EXPL: 0CVE-2012-0409 – EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0409
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. Múltiples desbordamientos de búfer en EMC AutoStart v5.3.x y v5.4.x antes de v5.4.3, permite a atacantes remotos causar una denegación de servicio (caída del agente) o posiblemente ejecutar código arbitrario a través de paquetes manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. • http://www.securityfocus.com/archive/1/522835 http://www.securityfocus.com/bid/53682 http://www.securitytracker.com/id?1027100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 0CVE-2011-2735 – EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2735
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP. Múltiples desbordamientos de búfer en EMC AutoStart v5.3.x y v5.4.x antes de v5.4.1 permite a atacantes remotos causar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección mediante el envío de un mensaje manipulado a través de TCP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. • http://secunia.com/advisories/45703 http://securityreason.com/securityalert/8352 http://securitytracker.com/id?1025958 http://www.securityfocus.com/archive/1/519371/100/0/threaded http://www.securityfocus.com/bid/49238 https://exchange.xforce.ibmcloud.com/vulnerabilities/69296 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2009-0311 – EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0311
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. El servicio Backbone (ftbackbone.exe) en EMC AutoStart en versiones anteriores a 5.3 SP2, permite a los atacantes remotos ejecutar arbitrariamente código a través de un paquete con un valor manipulado que está desreferenciado como puntero a una función. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Backbone service (ftbackbone.exe) which listens by default on TCP port 8042. The process trusts a DWORD value from incoming packets which it arbitrarily calls. • http://osvdb.org/51566 http://secunia.com/advisories/33667 http://www.securityfocus.com/archive/1/500350/100/0/threaded http://www.securityfocus.com/bid/33415 http://www.securitytracker.com/id?1021636 http://zerodayinitiative.com/advisories/ZDI-09-009 https://exchange.xforce.ibmcloud.com/vulnerabilities/48197 • CWE-20: Improper Input Validation •