Vulnerability CVE-2008-0640
Published: 2008-02-07   Modified: 2012-02-12

Description:
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Ghost solutions suite 

 References:
http://www.symantec.com/avcenter/security/Content/2008.02.07.html
http://www.vupen.com/english/advisories/2008/0474
http://www.securitytracker.com/id?1019356
http://www.securityfocus.com/bid/27644
http://secunia.com/advisories/28853
Copyright 2024, cxsecurity.com

 

Back to Top