CA.BrightStor.ARCServe.Message.Engine.Directory.Traversal

description-logoDescription

This indicates an attempt to exploit a remote command injection vulnerability in CA BrightStor ARCServe BackUp Message.
By sending a specially crafted RPC request, a remote attacker could bypass the current directory execution path and execute arbitrary command on a vulnerable system.

affected-products-logoAffected Products

CA BrightStor ARCServe BackUp R11.5

Impact logoImpact

System Compromise: Remote attackers can inject commands on vulnerable systems.

recomended-action-logoRecommended Actions

The vendor has not supplied any patches for this issue as of this writing. We recommend filtering traffic to TCP/6504 as a workaround.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-01-31 14.538 Name:CA.
BrightStor.
ARCServe.
BackUp.
Message.
Engine.
Directory.
Traversa:CA.
BrightStor.
ARCServe.
Message.
Engine.
Directory.
Traversal