CVE-2007-2279

CWE-2643 documents3 sources
Severity
9.3CRITICAL
EPSS
13.1%
top 5.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Veritas Storage Foundation
Timeline
PublishedJun 4
Latest updateMay 1

Description

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: www.symantec.comPatch: www.symantec.com

🔴Vulnerability Details

2
GHSA
GHSA-2vmv-r5mh-gqqw: The Scheduler Service (VxSchedService2022-05-01
CVEList
CVE-2007-2279: The Scheduler Service (VxSchedService2007-06-04
CVE-2007-2279 (CRITICAL CVSS 9.3) | The Scheduler Service (VxSchedServi | cvebase.io