Vulnerability Details : CVE-2013-0928
Public exploit exists!
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
Exploit prediction scoring system (EPSS) score for CVE-2013-0928
Probability of exploitation activity in the next 30 days: 18.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 %
Metasploit modules for CVE-2013-0928
- EMC AlphaStor Device Manager Opcode 0x75 Command Injection
  Disclosure Date: 2013-01-18
  First seen: 2020-04-26
  exploit/windows/emc/alphastor_device_manager_exec
  This module exploits a flaw within the Device Manager (rrobotd.exe). When parsing the 0x75 command, the process does not properly filter user-supplied input, allowing for arbitrary command injection. This module has been tested successfully on EMC AlphaStor 4.0 build 116.
CVSS scores for CVE-2013-0928
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2013-0928
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0928
- http://www.zerodayinitiative.com/advisories/ZDI-13-033/
  ZDI-13-033 | Zero Day Initiative
- http://www.exploit-db.com/exploits/34756
  EMC AlphaStor Device Manager Opcode 0x75 - Command Injection (Metasploit) - Windows remote Exploit
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html
- http://www.securityfocus.com/bid/57472
  EMC AlphaStor Format String and Command Injection Vulnerabilities (Exploit)
Products affected by CVE-2013-0928
- cpe:2.3:a:emc:alphastor:4.0:*:*:*:*:*:*:*