1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: EMC Data Protection Advisor CVE-2017-10955

Attack: EMC Data Protection Advisor CVE-2017-10955

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempts to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Additional Information

EMC Data Protection Advisor is prone to a remote command-injection vulnerability because it fails to properly validate user-input to 'preScript' parameter. Specifically, this issue affects the EMC DPA Application service.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • EMC Data Protection Advisor 6.3.0.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube