Vulnerability Name: CVE-2008-0640 (CCN-40366)
Assigned: 2008-02-07
Published: 2008-02-07
Updated: 2011-07-25
Summary: Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
CVSS v3 Severity:
9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-287
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE Type: CNA CVE-2008-0640
Source: CCN Type: SA28853 Symantec Ghost Solution Suite Client Command Execution Vulnerability
Source: SECUNIA Type: Vendor Advisory 28853
Source: CCN Type: SECTRACK ID: 1019356 Symantec Ghost Solution Suite Authentication Bug Lets Remote Users Execute Arbitrary Code
Source: CCN Type: OSVDB ID: 41228 Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
Source: BID Type: UNKNOWN 27644
Source: CCN Type: BID-27644 Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass Vulnerability
Source: SECTRACK Type: UNKNOWN 1019356
Source: CCN Type: SYM08-003 Symantec Ghost Solution Suite: server authentication vulnerability
Source: CONFIRM Type: Patch http://www.symantec.com/avcenter/security/Content/2008.02.07.html
Source: VUPEN Type: Vendor Advisory ADV-2008-0474
Source: XF Type: UNKNOWN symantec-ghost-arp-command-execution(40366)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable