CVE-2008-0640

Опубликовано: 08 фев. 2008

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

Ссылки

http://secunia.com/advisories/28853
Vendor Advisory
http://www.securityfocus.com/bid/27644
http://www.securitytracker.com/id?1019356
http://www.symantec.com/avcenter/security/Content/2008.02.07.html
Patch
http://www.vupen.com/english/advisories/2008/0474
Vendor Advisory
http://secunia.com/advisories/28853
Vendor Advisory
http://www.securityfocus.com/bid/27644
http://www.securitytracker.com/id?1019356
http://www.symantec.com/avcenter/security/Content/2008.02.07.html
Patch
http://www.vupen.com/english/advisories/2008/0474
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:ghost_solutions_suite:1.1:*:*:*:*:*:*:*

cpe:2.3:a:symantec:ghost_solutions_suite:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03505

Низкий

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-qfxw-x567-fwfc

github

почти 4 года назад