Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1346

5 documents4 sources
Severity
1.2LOW
EPSS
0.6%
top 30.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Broadcom Arcserve BackupCA Arcserve Backup
Timeline
PublishedMay 18
Latest updateApr 30

Description

Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.

CVSS vector

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-35xx-5qr2-qpwp: Computer Associates ARCserveIT 62022-04-30
CVEList
CVE-2001-1346: Computer Associates ARCserveIT 62002-05-03

💥Exploits & PoCs

2
Exploit-DB
ARCservIT 6.61/6.63 Client - asagent.tmp Arbitrary File Overwrite2001-05-18
Exploit-DB
ARCservIT 6.61/6.63 Client - inetd.tmp Arbitrary File Overwrite2001-05-18