CVE-2013-6795 : The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary.

Published 2013-12-24 18:55:21

Updated 2013-12-26 15:14:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2013-6795

Rackspace » Openstack Windows Guest Agent » For Xen Server
Versions up to, including, (<=) 1.2.5.0
cpe:2.3:a:rackspace:openstack_windows_guest_agent:*:-:-:*:-:xen_server:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6795

EPSS FAQ

6.82%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6795

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6795

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6795

http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html

Rackspace Windows Agent / Updater Arbitrary Code Execution ≈ Packet Storm
https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0

Release 1.2.6.0: Updated the agent and updater to use IPC communications rather than T… · rackerlabs/openstack-guest-agents-windows-xenserver · GitHub
http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/

CVE-2012-1823 Vulnerability in Rackspace Windows Agent and Updater
https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401

Updated the agent and updater to use IPC communications rather than T… · rackerlabs/openstack-guest-agents-windows-xenserver@ef16f88 · GitHub
Exploit;Patch
http://archives.neohapsis.com/archives/bugtraq/2013-11/0122.html

Jump to

Vulnerability Details : CVE-2013-6795

Products affected by CVE-2013-6795

Exploit prediction scoring system (EPSS) score for CVE-2013-6795

CVSS scores for CVE-2013-6795

CWE ids for CVE-2013-6795

References for CVE-2013-6795