CVE-2006-3223

3 documents3 sources

Severity

7.5HIGH

EPSS

1.7%

top 17.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Etrust Antivirus Broadcom Etrust Pestpatrol Broadcom Integrated Threat Management

Timeline

PublishedJun 27

Latest updateMay 1

Description

Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDbroadcom/etrust_antivirus8.0

▶NVDbroadcom/etrust_pestpatrol8.0

▶NVDbroadcom/integrated_threat_management8.0

Patches

Patch: www3.ca.com ↗Patch: www3.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-hrmm-fv9h-x9h8: Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause↗2022-05-01

▶

CVEList

CVE-2006-3223: Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause↗2006-06-27

▶