CVE-2008-2157
published 2008-05-29CVE-2008-2157: robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a…
PriorityP270critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
35.75%
98.3th percentile
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc_corporation | alphastor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected or malformed packets sent to TCP port 3500 targeting EMC AlphaStor Library Manager (robotd process); arbitrary command injection occurs via a string field in the packet payload. ↗
- →Metasploit auxiliary module exists for EMC AlphaStor Library Manager arbitrary command execution; presence of this module in use indicates active exploitation attempts. ↗
- →Metasploit auxiliary module also exists for EMC AlphaStor Device Manager arbitrary command execution; monitor for exploitation of the Device Manager component as well. ↗
- ·Vulnerability is confirmed specifically for EMC AlphaStor 3.1 SP1 on Windows; other versions or platforms may differ in exposure. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Metasploit
EMC AlphaStor Device Manager Arbitrary Command Execution
metasploit
EMC AlphaStor Device Manager Arbitrary Command Execution
EMC AlphaStor Device Manager Arbitrary Command Execution
EMC AlphaStor Device Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
Metasploit
EMC AlphaStor Library Manager Arbitrary Command Execution
metasploit
EMC AlphaStor Library Manager Arbitrary Command Execution
EMC AlphaStor Library Manager Arbitrary Command Execution
EMC AlphaStor Library Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
No writeups or analysis indexed.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703http://secunia.com/advisories/30410http://securitytracker.com/id?1020116http://www.vupen.com/english/advisories/2008/1670https://exchange.xforce.ibmcloud.com/vulnerabilities/42671http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703http://secunia.com/advisories/30410http://securitytracker.com/id?1020116http://www.vupen.com/english/advisories/2008/1670https://exchange.xforce.ibmcloud.com/vulnerabilities/42671
2008-05-29
Published