CVE-2015-0525
EMC Secure Remote Services Virtual Edition Command Injection
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
El servicio Gateway Provisioning en EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 y 3.03 permite a atacantes remotos ejecutar comandos del sistema operativo arbitrarios a través de vectores no especificados.
A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-12-17 CVE Reserved
- 2015-03-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html | Third Party Advisory |
|
| http://seclists.org/bugtraq/2015/Mar/40 | Mailing List |
|
| http://seclists.org/fulldisclosure/2015/Mar/118 | Mailing List |
|
| http://www.securityfocus.com/archive/1/534928/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Secure Remote Services Search vendor "Emc" for product "Secure Remote Services" | 3.02 Search vendor "Emc" for product "Secure Remote Services" and version "3.02" | virtual |
Affected
| ||||||
| Emc Search vendor "Emc" | Secure Remote Services Search vendor "Emc" for product "Secure Remote Services" | 3.03 Search vendor "Emc" for product "Secure Remote Services" and version "3.03" | virtual |
Affected
| ||||||