Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6076

4 documents4 sources

Severity

10.0CRITICAL

EPSS

78.9%

top 0.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Brightstor Arcserve Backup CA Brightstor Arcserve Backup CA Brightstor Arcserve Backup Agent

Timeline

PublishedNov 24

Latest updateMay 1

Description

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDbroadcom/brightstor_arcserve_backup11.5+2

▶NVDca/brightstor_arcserve_backup11, 11.1+1

▶NVDca/brightstor_arcserve_backup_agent11.0, 11.1+1

🔴Vulnerability Details

GHSA

GHSA-f4wf-c423-fr3w: Buffer overflow in the Tape Engine (tapeeng↗2022-05-01

▶

CVEList

CVE-2006-6076: Buffer overflow in the Tape Engine (tapeeng↗2006-11-24

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor ARCserve - Tape Engine Buffer Overflow (Metasploit)↗2010-05-09

▶