cbcvebase.
CVE-2007-0168
published 2007-01-11

CVE-2007-0168: The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection…

PriorityP259high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
19.78%
97.1th percentile
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

Affected

4 ranges
VendorProductVersion rangeFixed in
broadcombrightstor_arcserve_backup<= 11.5
broadcombrightstor_arcserve_backup
broadcombrightstor_enterprise_backup
broadcombusiness_protection_suite

Detection & IOCsextracted from sources · hover to see the quote

port4444
otheropnum 0xBF in RPC request
  • ·Affected versions span CA BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2; detections should be scoped to these versions.
  • ·Exploitation succeeds with SYSTEM privileges; any process spawned by the Tape Engine service post-exploitation will run as SYSTEM, which should inform privilege-level alerting thresholds.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.