Vulnerability Details : CVE-2012-2972
The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-2972
Probability of exploitation activity in the next 30 days: 67.83%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-2972
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2972
-
http://www.kb.cert.org/vuls/id/408099
VU#408099 - CA ARCserve Backup authentication service denial-of-service vulnerabilityUS Government Resource
-
http://seclists.org/fulldisclosure/2013/Jan/86
Full Disclosure: Updated - CA20121018-01: Security Notice for CA ARCserve Backup
-
http://packetstormsecurity.com/files/119543/Security-Notice-For-CA-ARCserve-Backup.html
Security Notice For CA ARCserve Backup ≈ Packet Storm
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/79477
CA ARCserve Backup RPC denial of service CVE-2012-2972 Vulnerability Report
-
http://secunia.com/advisories/51012
Sign in