CVE-2008-4397

Broadcom Arcserve Backup - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16404

metasploit WORKING POC NORMAL
by Nahuel Cayento Riva, MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/ca_arcserve_342.rb

Scores

EPSS 0.8582
EPSS Percentile 99.4%

Details

CWE CWE-20, CWE-22
Status published
Products (6)
broadcom/arcserve_backup r12.0
broadcom/business_protection_suite r2
broadcom/server_protection_suite r2
ca/arcserve_backup r11.1
ca/arcserve_backup r11.5
ca/business_protection_suite r2 (2 CPE variants)
Published Oct 14, 2008
Tracked Since Feb 18, 2026