Vulnerability CVE-2009-1120
Published: 2020-01-15

Description:
EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
DELL -> Emc replistor 

 References:
http://www.zerodayinitiative.com/advisories/ZDI-09-068/
https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution
Copyright 2024, cxsecurity.com

 

Back to Top