CVE-2012-0406
Published Apr 20, 2012
Last updated 12 years ago
Overview
- Description
- The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
- Source
- security_alert@emc.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "680208E2-56D1-4867-9B28-A867F0252FB1"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.5:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0945F3BB-790E-4F38-B311-C056F8F1F774"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E71E518A-F416-4850-9F2B-7E93CD975381"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.6:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "925F0652-1C6D-497B-ADF0-4248C0B2533F"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30116207-86BD-4384-87C3-7919340DB5D3"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.7:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28572343-8AAB-4249-9FA6-001757B83061"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73341E0C-5EB7-45C9-9068-A77054704A2A"
},
{
"criteria": "cpe:2.3:a:emc:data_protection_advisor:5.8:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D72AB885-317E-4DF4-8FEF-689DCE3BCA92"
}
],
"operator": "OR"
}
]
}
]