EMC AutoStart 5.4.3 / 5.5.0 Packet Injection

EMC AutoStart versions 5.4.3 and prior and versions 5.5.0 and prior are vulnerability due to insecure communication between the nodes of AutoStart cluster. By sending a specifically crafted packet to the AutoStart agent (ftagent.exe ) running on the remote system, it is possible to execute arbitrary commands with the highest privilege level of the affected system (NT / Authority System privilege for Windows and root privilege for Linux platforms). Exploitation of this vulnerability requires an attacker to know the Autostart domain name (if no default value is used) and the node list.

Leave a Reply