Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0168

4 documents4 sources
Severity
7.5HIGH
EPSS
61.3%
top 1.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Broadcom Brightstor Arcserve BackupBroadcom Brightstor Enterprise BackupBroadcom Business Protection Suite
Timeline
PublishedJan 11
Latest updateMay 1

Description

The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

Patches

Patch: supportconnectw.ca.comPatch: supportconnectw.ca.com

🔴Vulnerability Details

2
GHSA
GHSA-5r4j-w82w-r235: The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 92022-05-01
CVEList
CVE-2007-0168: The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 92007-01-11

💥Exploits & PoCs

1
Exploit-DB
CA BrightStor ARCserve Backup - Message Engine/Tape Engine Remote Buffer Overflow2007-01-11
CVE-2007-0168 (HIGH CVSS 7.5) | The Tape Engine service in Computer | cvebase.io