Vulnerability Details : CVE-2008-2157
Public exploit exists!
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
Vulnerability category: Input validation
Products affected by CVE-2008-2157
- cpe:2.3:a:emc_corporation:alphastor:3.1_sp1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-2157
85.00%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-2157
-
EMC AlphaStor Library Manager Arbitrary Command Execution
Disclosure Date: 2008-05-27First seen: 2020-04-26auxiliary/admin/emc/alphastor_librarymanager_execEMC AlphaStor Library Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Authors: - MC <mc@metasploit.com> -
EMC AlphaStor Device Manager Arbitrary Command Execution
Disclosure Date: 2008-05-27First seen: 2020-04-26auxiliary/admin/emc/alphastor_devicemanager_execEMC AlphaStor Device Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2008-2157
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-2157
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2157
Jump to