CVE-2015-0538
EMC AutoStart ftAgent Multiple Opcode SQL Injection Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.
ftagent.exe en EMC AutoStart 5.4.x y 5.5.x anterior a 5.5.0.508 HF4 permite a atacantes remotos ejecutar comandos arbitrarios a través de paquetes manipulados.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is required to exploit this vulnerability, but can be easily bypassed.
The specific flaw exists within ftAgent.exe which listens on TCP port 8045, when handling numerous opcodes. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. By sending a crafted request to a vulnerable system, a remote attacker can exploit this vulnerability to execute arbitrary code in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-12-17 CVE Reserved
- 2015-05-04 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html | X_refsource_misc |
|
| http://seclists.org/bugtraq/2015/May/25 | Mailing List |
|
| http://www.kb.cert.org/vuls/id/581276 | Third Party Advisory |
|
| http://www.securitytracker.com/id/1032237 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|