CA.BrightStor.ARCServe.Message.Engine.Directory.Traversal
Description
This indicates an attempt to exploit a remote command injection vulnerability in CA BrightStor ARCServe BackUp Message.
By sending a specially crafted RPC request, a remote attacker could bypass the current directory execution path and execute arbitrary command on a vulnerable system.
Affected Products
CA BrightStor ARCServe BackUp R11.5
Impact
System Compromise: Remote attackers can inject commands on vulnerable systems.
Recommended Actions
The vendor has not supplied any patches for this issue as of this writing. We recommend filtering traffic to TCP/6504 as a workaround.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-01-31 | 14.538 | Name:CA. BrightStor. ARCServe. BackUp. Message. Engine. Directory. Traversa:CA. BrightStor. ARCServe. Message. Engine. Directory. Traversal |