CVE-2007-5006 : Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup

Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

Published 2007-10-01 20:17:00

Updated 2021-04-08 13:31:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2007-5006

CA » Protection Suites » Version: R2
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.0
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.1
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.1 Update SP1
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.5
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 4.0
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Desktop Management Suite » Version: 11.0
cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Desktop Management Suite » Version: 11.1
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Desktop Management Suite » Version: 11.2
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-5006

EPSS FAQ

9.78%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-5006

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-5006

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-5006

http://www.securityfocus.com/archive/1/480252/100/100/threaded

CVEs referencing this url
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=598
http://www.securityfocus.com/bid/24348

Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities

CVEs referencing this url
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Patch

CVEs referencing this url
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677

Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Patch

CVEs referencing this url
http://www.securitytracker.com/id?1018728

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2007-5006

Products affected by CVE-2007-5006

Exploit prediction scoring system (EPSS) score for CVE-2007-5006

CVSS scores for CVE-2007-5006

CWE ids for CVE-2007-5006

References for CVE-2007-5006