Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1979

CWE-1894 documents4 sources

Severity

5.0MEDIUM

EPSS

18.3%

top 4.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Brightstor Arcserve Backup

Timeline

PublishedApr 27

Latest updateMay 1

Description

The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbroadcom/brightstor_arcserve_backup12.0.5454.0

🔴Vulnerability Details

GHSA

GHSA-5qfj-vf8q-qc9r: The Discovery Service (casdscvc) in CA ARCserve Backup 12↗2022-05-01

▶

CVEList

CVE-2008-1979: The Discovery Service (casdscvc) in CA ARCserve Backup 12↗2008-04-27

▶

💥Exploits & PoCs

Exploit-DB

Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service↗2008-04-24

▶