Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2535

5 documents4 sources

Severity

7.5HIGH

EPSS

82.9%

top 0.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Arcserve Backup 2000 Broadcom Brightstor Arcserve Backup Broadcom Brightstor Arcserve Backup HP +1 more

Timeline

PublishedAug 10

Latest updateMay 1

Description

Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDbroadcom/brightstor_arcserve_backup5 versions+4

▶NVDbroadcom/brightstor_arcserve_backup_hp11.1

▶NVDbroadcom/arcserve_backup_2000r16.5

▶NVDbroadcom/brightstor_enterprise_backup10, 10.0, 10.5+2

Patches

Patch: secunia.com ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hj9p-hf3x-56rg: Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9↗2022-05-01

▶

CVEList

CVE-2005-2535: Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9↗2005-08-10

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor Discovery Service - TCP Overflow (Metasploit)↗2010-04-30

▶

Exploit-DB

CA BrightStor ARCserve Backup - Remote Buffer Overflow (PoC)↗2005-02-12

▶