Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0816

4 documents4 sources

Severity

5.0MEDIUM

EPSS

14.3%

top 5.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Brightstor Arcserve Backup

Timeline

PublishedFeb 7

Latest updateMay 1

Description

The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbroadcom/brightstor_arcserve_backup11, 11.1, 11.5+2

🔴Vulnerability Details

GHSA

GHSA-5824-h7hh-g2xr: The RPC Server service (catirpc↗2022-05-01

▶

CVEList

CVE-2007-0816: The RPC Server service (catirpc↗2007-02-07

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor ARCserve 11.5.2.0 - 'catirpc.dll' RPC Server Denial of Service↗2007-02-01

▶