CA BrightStor ARCserve Backup RPC Interface (asdbapi.dll) Traversal Arbitrary Command Execution
Critical Nessus Plugin ID 34393
SynopsisArbitrary code can be executed on the remote host.
DescriptionThis host is running BrightStor ARCServe for Windows.
The remote version of this software is affected by an arbitrary command execution vulnerability.
By sending a specially crafted packet to the RPC server on TCP port 6504, an unauthenticated, remote attacker may be able to execute code on the remote host with SYSTEM privileges.
SolutionApply the relevant update referenced in the CA security notice.