CVE-2008-4397

Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute commands of their choice via a .. (dot dot) in an RPC call with opnum 0x10A.

CA BrightStor ARCServe BackUp is an overall data backup solution. The RPC interface of CA BrightStor ARCServe BackUp does not handle user input correctly, which allows an anonymous attacker to inject any command; a remote code execution attack may be achieved this way. Details are provided. CA BrightStor ARCServe BackUp version R11.5 is affected.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-10-02 CVE Reserved
  • 2008-10-09 CVE Published
  • 2010-04-30 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-10-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor   | Product                   | Version | Other                                    | Status
---------|---------------------------|---------|------------------------------------------|---------
Broadcom | Arcserve Backup           | r12.0   | -                                        | Affected
Broadcom | Business Protection Suite | r2      | -                                        | Affected
Broadcom | Server Protection Suite   | r2      | -                                        | Affected
Ca       | Arcserve Backup           | r11.1   | -                                        | Affected
Ca       | Arcserve Backup           | r11.5   | -                                        | Affected
Ca       | Business Protection Suite | r2      | microsoft_small_business_server_premium  | Affected
Ca       | Business Protection Suite | r2      | microsoft_small_business_server_standard | Affected