CVE-2015-0525 : The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (

The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Published 2015-03-12 10:59:05

Updated 2025-04-12 10:46:41

Source Dell

View at NVD, CVE.org

Products affected by CVE-2015-0525

EMC » Secure Remote Services » Version: 3.03 Virtual Edition
cpe:2.3:a:emc:secure_remote_services:3.03:*:*:*:virtual:*:*:*
Matching versions
EMC » Secure Remote Services » Version: 3.02 Virtual Edition
cpe:2.3:a:emc:secure_remote_services:3.02:*:*:*:virtual:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0525

EPSS FAQ

1.83%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0525

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-0525

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0525

http://www.securityfocus.com/archive/1/534928/100/0/threaded

SecurityFocus
Third Party Advisory;VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/118

Full Disclosure: Command injection vulnerability in EMC Secure Remote Services Virtual Edition
Mailing List;Third Party Advisory
https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html

Command injection vulnerability in EMC Secure Remote Services Virtual Edition - Security Advisories and Insights - Securify B.V.
Exploit
http://seclists.org/bugtraq/2015/Mar/40

Bugtraq: ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities
Mailing List;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html

EMC Secure Remote Services GHOST / SQL Injection / Command Injection ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-0525

Products affected by CVE-2015-0525

Exploit prediction scoring system (EPSS) score for CVE-2015-0525

CVSS scores for CVE-2015-0525

CWE ids for CVE-2015-0525

References for CVE-2015-0525