CVE-2012-0406

EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Malformed AUTHENTICATECONNECTION Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0406. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in EMC Data Protection Advisor: a NULL pointer dereference in the AUTHENTICATECONNECTION command and a CPU exhaustion DoS via a negative 64-bit size field. Both can be triggered remotely on ports 3916 and 4001.

Description

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdoshardware

https://www.exploit-db.com/exploits/18688

View Code ZIP pw:eip

The exploit demonstrates two vulnerabilities in EMC Data Protection Advisor: a NULL pointer dereference in the AUTHENTICATECONNECTION command and a CPU exhaustion DoS via a negative 64-bit size field. Both can be triggered remotely on ports 3916 and 4001.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: EMC Data Protection Advisor <= 5.8.1

No auth needed

Prerequisites: Network access to ports 3916 or 4001

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/dpa_1-adv.txt

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/522408/30/0/threaded

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18688/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1026956

Scores

EPSS 0.0865

EPSS Percentile 94.4%

Details

CWE

CWE-264

Status published

Products (4)

emc/data_protection_advisor 5.5 (2 CPE variants)

emc/data_protection_advisor 5.6 (2 CPE variants)

emc/data_protection_advisor 5.7 (2 CPE variants)

emc/data_protection_advisor 5.8 (2 CPE variants)

Published Apr 20, 2012

Tracked Since Feb 18, 2026