CVE-2008-0640

CWE-287Improper Authentication4 documents4 sources
Severity
10.0CRITICAL
EPSS
3.5%
top 12.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Ghost Solutions Suite
Timeline
PublishedFeb 8
Latest updateMay 1

Description

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/ghost_solutions_suite1.1, 2.0.0, 2.0.1+2

Patches

Patch: www.symantec.comPatch: www.symantec.com

🔴Vulnerability Details

2
GHSA
GHSA-qfxw-x567-fwfc: Symantec Ghost Solution Suite 12022-05-01
CVEList
CVE-2008-0640: Symantec Ghost Solution Suite 12008-02-08

💥Exploits & PoCs

1
Exploit-DB
VMware - COM API ActiveX Remote Buffer Overflow (PoC)2008-09-01
CVE-2008-0640 (CRITICAL CVSS 10) | Symantec Ghost Solution Suite 1.1 b | cvebase.io