[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5420Date: (C)2008-12-10   (M)2023-12-22


The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1021263
http://www.securityfocus.com/archive/1/498556/100/0/threaded
BID-32392
SECUNIA-32801
SREASON-4709
OSVDB-50032
ADV-2008-3220
controlcenter-msragent-file-download(46753)
http://www.zerodayinitiative.com/advisories/ZDI-08-076/

CPE    1
cpe:/a:emc:control_center:5.2:sp5
CWE    1
CWE-200

© SecPod Technologies