Vulnerability Details : CVE-2008-5415
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2008-5415
Probability of exploitation activity in the next 30 days: 24.00%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-5415
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2008-5415
-
http://www.securityfocus.com/archive/1/499104/100/0/threaded
-
http://securityreason.com/securityalert/4708
-
http://www.securityfocus.com/bid/32764
-
http://www.vupen.com/english/advisories/2008/3404
Vendor Advisory
-
http://www.securityfocus.com/archive/1/499128/100/0/threaded
-
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx
-
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293
Patch;Vendor Advisory
Products affected by CVE-2008-5415
- cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*
- cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:arcserve_backup:r12.0:*:*:*:*:*:*:*