EMC AutoStart < 5.5.0 HF4 ftAgent Remote Code Execution

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a remote code execution vulnerability.

Description :

The remote host is running a version of the EMC AutoStart ftAgent that
is affected by a remote code execution vulnerability due to a failure
to communicate securely between nodes. An unauthenticated, remote
attacker can exploit this, via specially crafted packets, to execute
arbitrary commands on the remote host with root or SYSTEM privileges.

See also :

http://www.kb.cert.org/vuls/id/581276

Solution :

Upgrade to EMC AutoStart 5.5.0.508 (HF4).

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 83474 ()

Bugtraq ID: 74426

CVE ID: CVE-2015-0538

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now