CVE-2007-5006

Description

Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

Related CPE's

acaprotection_suitesr2*******

abroadcombrightstor_arcserve_backup_laptops_desktops4.0*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.5*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.0*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.1*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.1sp1******

abroadcomdesktop_management_suite11.2*******

abroadcomdesktop_management_suite11.0*******

abroadcomdesktop_management_suite11.1*******

References

20070920 CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Patch

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677

Patch

24348

1018728

25606

Vendor Advisory

20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

10

Created by Yello
About Severity.io