Vulnerability Details : CVE-2008-1661
Public exploit exists!
Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-1661
- cpe:2.3:a:hp:storageworks_storage_mirroring:4.5:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1661
89.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-1661
-
DoubleTake/HP StorageWorks Storage Mirroring Service Authentication Overflow
Disclosure Date: 2008-06-04First seen: 2020-04-26exploit/windows/misc/doubletakeThis module exploits a stack buffer overflow in the authentication mechanism of NSI Doubletake which is also rebranded as HP Storage Works. This vulnerability was found by Titon of Bastard Labs. Authors: - ri0t <ri0t@ri0tnet.net>
CVSS scores for CVE-2008-1661
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-1661
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-1661
-
Double-Take 2009-05-08This issue was fixed in version 5.1 which was released July 11, 2008
References for CVE-2008-1661
Jump to