CVE-2011-3478

{"id": "CVE-2011-3478", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-01-25T15:55:01.003", "references": [{"url": "http://osvdb.org/show/osvdb/78532", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48092", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51592", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-018/", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/38599/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631."}, {"lang": "es", "value": "El componente de host de servicios de Symantec pcAnywhere v12.5.x a trav\u00e9s de v12.5.3, y IT Management Suite pcAnywhere Solution v7.0 (aka 12.5.x) y v7.1 (tambi\u00e9n conocido como 12.6.x), de inicio de sesi\u00f3n de filtro y los datos de autenticaci\u00f3n, es que permite control remoto atacantes para ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sesi\u00f3n a mano en el puerto TCP 5631."}], "lastModified": "2018-01-06T02:29:19.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "067CAB0F-D513-4A70-B6C6-06EE290A2F6F"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.5:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39F3C225-B890-47BB-9898-0EFEC969B74D"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.5:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4C296DE-5385-4C59-8824-B1695D38C332"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.5:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1C797C5-7F76-4ECE-859C-B928F380A08D"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.5.539:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C845AC-3C09-4676-964F-644A01D133CE"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.6.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0D0B814-A9C3-4D47-B1C5-59DE0CFEDCF4"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.6.65:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2415480-FC3C-45BF-B93C-F76F0C011F97"}, {"criteria": "cpe:2.3:a:symantec:pcanywhere:12.6.7580:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92218E59-B767-498A-8F09-20202AE643E0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}