CVE-2015-0525

The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/bugtraq/2015/Mar/40	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html	Third Party Advisory VDB Entry
https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html	Exploit
http://seclists.org/fulldisclosure/2015/Mar/118	Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/534928/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:secure_remote_services:3.02::::virtual:::
	cpe:2.3:a:emc:secure_remote_services:3.03::::virtual:::

Information

Published : 2015-03-12 03:59

Updated : 2019-02-01 10:14

NVD link : CVE-2015-0525

Mitre link : CVE-2015-0525

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Products Affected

emc

secure_remote_services

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://seclists.org/bugtraq/2015/Mar/40", "name": "20150310 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html", "name": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html", "name": "https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2015/Mar/118", "name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/archive/1/534928/100/0/threaded", "name": "20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0525", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-12T10:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:secure_remote_services:3.02:*:*:*:virtual:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:secure_remote_services:3.03:*:*:*:virtual:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-02-01T18:14Z"}

7.5 /10