Vulnerability Description
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Ghost Solutions Suite | 1.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28853Vendor Advisory
- http://www.securityfocus.com/bid/27644
- http://www.securitytracker.com/id?1019356
- http://www.symantec.com/avcenter/security/Content/2008.02.07.htmlPatch
- http://www.vupen.com/english/advisories/2008/0474Vendor Advisory
- http://secunia.com/advisories/28853Vendor Advisory
- http://www.securityfocus.com/bid/27644
- http://www.securitytracker.com/id?1019356
- http://www.symantec.com/avcenter/security/Content/2008.02.07.htmlPatch
- http://www.vupen.com/english/advisories/2008/0474Vendor Advisory
FAQ
What is CVE-2008-0640?
CVE-2008-0640 is a vulnerability with a CVSS score of 10.0 (HIGH). Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute ar...
How severe is CVE-2008-0640?
CVE-2008-0640 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0640?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Ghost Solutions Suite.