Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-3703
HistoryAug 18, 2008 - 5:41 p.m.

CVE-2008-3703

2008-08-1817:41:00
CWE-287
[email protected]
web.nvd.nist.gov
6

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.926

Percentile

99.1%

JSON

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create “snapshots schedules” registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.

Affected configurations

Nvd
Node
symantecveritas_storage_foundationMatch5.0windows
OR
symantecveritas_storage_foundationMatch5.0rp1awindows
OR
symantecveritas_storage_foundationMatch5.1windows
VendorProductVersionCPE
symantecveritas_storage_foundation5.0cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:windows:*:*:*:*:*
symantecveritas_storage_foundation5.0cpe:2.3:a:symantec:veritas_storage_foundation:5.0:rp1a:windows:*:*:*:*:*
symantecveritas_storage_foundation5.1cpe:2.3:a:symantec:veritas_storage_foundation:5.1:*:windows:*:*:*:*:*

Related

cvelist 2
cve 2
prion 2
securityvulns 3
nvd 1
nessus 2
checkpoint_advisories 1
zdi 1
cvelist
cvelist
CVE-2008-3703
2008-08-18 17:15:00
CVE-2007-2279
2007-06-04 16:00:00
cve
cve
CVE-2008-3703
2008-08-18 17:41:00
CVE-2007-2279
2007-06-04 16:30:00
prion
prion
Authentication flaw
2008-08-18 17:41:00
Authentication flaw
2007-06-04 16:30:00
securityvulns
securityvulns
SYM07-009,Symantec Storage Foundation for Windows Volume Manager: Authentication Bypass and Potential Code Execution in Scheduler Service
2007-06-05 00:00:00
TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability
2007-06-05 00:00:00
Symantec VERITAS Storage Foundation multiple security vulnerabilities
2007-06-05 00:00:00
nvd
nvd
CVE-2007-2279
2007-06-04 16:30:00
nessus
nessus
Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) Remote Code Execution
2007-06-04 00:00:00
VERITAS Storage Foundation NULL NTLMSSP Authentication Bypass (SYM08-015)
2008-08-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Veritas Storage Foundation Scheduler Authentication Bypass (CVE-2008-3703)
2009-11-02 00:00:00
zdi
zdi
Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability
2008-08-14 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.926

Percentile

99.1%

JSON
Related for NVD:CVE-2008-3703
cvelist2cve2prion2securityvulns3nvd1nessus2checkpoint_advisories1zdi1