// For flags

CVE-2008-5408

 

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.

Desbordamiento de búfer en el protocolo de administración de datos en Symantec Backup Exec para Windows Servers 11.0 (alias 11d) builds 6235 y 7170, 12.0 build 1364, y 12.5 build 2213 permiten a los usuarios autenticados remotamente causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos. NOTA: esto puede ser explotado por un atacante remoto no autentificado por la utilización de CVE-2008-5407.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-12-08 CVE Reserved
  • 2008-12-09 CVE Published
  • 2023-12-23 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
Backup Exec For Windows Server
Search vendor "Symantec" for product "Backup Exec For Windows Server"
11d
Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "11d"
11.0.6235
Affected
Symantec
Search vendor "Symantec"
Backup Exec For Windows Server
Search vendor "Symantec" for product "Backup Exec For Windows Server"
11d
Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "11d"
11.0.7170
Affected
Symantec
Search vendor "Symantec"
Backup Exec For Windows Server
Search vendor "Symantec" for product "Backup Exec For Windows Server"
12.0
Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "12.0"
12.0.1364
Affected
Symantec
Search vendor "Symantec"
Backup Exec For Windows Server
Search vendor "Symantec" for product "Backup Exec For Windows Server"
12.5
Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "12.5"
12.5.2213
Affected