CVE-2007-0168
published 2007-01-11CVE-2007-0168: The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection…
PriorityP259high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
19.78%
97.1th percentile
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | brightstor_arcserve_backup | <= 11.5 | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_enterprise_backup | — | — |
| broadcom | business_protection_suite | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- ·Affected versions span CA BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2; detections should be scoped to these versions. ↗
- ·Exploitation succeeds with SYSTEM privileges; any process spawned by the Tape Engine service post-exploitation will run as SYSTEM, which should inform privilege-level alerting thresholds. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://livesploit.com/advisories/LS-20061002.pdfhttp://osvdb.org/31327http://secunia.com/advisories/23648http://securitytracker.com/id?1017506http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asphttp://www.kb.cert.org/vuls/id/662400http://www.lssec.com/advisories/LS-20061002.pdfhttp://www.securityfocus.com/archive/1/456616/100/0/threadedhttp://www.securityfocus.com/archive/1/456637http://www.securityfocus.com/archive/1/456711http://www.securityfocus.com/bid/22010http://www.vupen.com/english/advisories/2007/0154http://www.zerodayinitiative.com/advisories/ZDI-07-002.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31442http://livesploit.com/advisories/LS-20061002.pdfhttp://osvdb.org/31327http://secunia.com/advisories/23648http://securitytracker.com/id?1017506http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asphttp://www.kb.cert.org/vuls/id/662400http://www.lssec.com/advisories/LS-20061002.pdfhttp://www.securityfocus.com/archive/1/456616/100/0/threadedhttp://www.securityfocus.com/archive/1/456637http://www.securityfocus.com/archive/1/456711http://www.securityfocus.com/bid/22010http://www.vupen.com/english/advisories/2007/0154http://www.zerodayinitiative.com/advisories/ZDI-07-002.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31442
2007-01-11
Published