CVE-2012-0406

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
emcdata_protection_advisor
5.5
emcdata_protection_advisor
5.5:sp1
emcdata_protection_advisor
5.6
emcdata_protection_advisor
5.6:sp1
emcdata_protection_advisor
5.7
emcdata_protection_advisor
5.7:sp1
emcdata_protection_advisor
5.8
emcdata_protection_advisor
5.8:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/dpa_1-adv.txt
http://www.exploit-db.com/exploits/18688/
http://www.securityfocus.com/archive/1/522408/30/0/threaded
http://www.securitytracker.com/id?1026956
http://aluigi.altervista.org/adv/dpa_1-adv.txt
http://www.exploit-db.com/exploits/18688/
http://www.securityfocus.com/archive/1/522408/30/0/threaded
http://www.securitytracker.com/id?1026956