CVE-2013-6182 - Local Privilege Escalation vulnerability in EMC Replication Manager Unquoted File Paths

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, emc

Summary

Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. Classified as CWE-428: Unquoted Search Path or Element (http://cwe.mitre.org/data/definitions/428.html).
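The check a defender would run for this class of flaw, as an added example (not code from EMC or from this advisory): it takes configured command lines, flags those whose executable path contains spaces but no quotes, lists the ambiguous locations that should be audited, and gives the quoted form. The service names and paths are constructed samples, and the extension list is an assumption.

```python
import re

# Image extensions used to find where an unquoted path ends (assumed set).
_EXE = re.compile(r"\.(exe|com|bat|cmd)\b", re.IGNORECASE)

def image_path(command_line):
    """Split off the executable part of a command line: (path, was_quoted)."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    m = _EXE.search(s)
    if m:
        return s[:m.end()], False
    return (s.split()[0] if s else ""), False

def ambiguous_locations(command_line):
    """Files Windows may try before the intended image; [] means not affected."""
    path, quoted = image_path(command_line)
    if quoted or " " not in path:
        return []
    parts = path.split(" ")
    # Every space is a possible end of the program name; ".exe" is appended.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def quoted_form(command_line):
    """Return the command line with the executable path wrapped in quotes."""
    path, quoted = image_path(command_line)
    if quoted:
        return command_line
    s = command_line.strip()
    return '"' + path + '"' + s[len(path):]

# Constructed sample entries (hypothetical service name -> command line).
SAMPLE_ENTRIES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\Agent\svc.exe -k run",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Agent\svc.exe" -k run',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def audit(entries):
    """Map each affected entry name to its ambiguous locations."""
    return {n: locs for n, c in entries.items() if (locs := ambiguous_locations(c))}

if __name__ == "__main__":
    for name, locs in audit(SAMPLE_ENTRIES).items():
        print(name, "-> quote as:", quoted_form(SAMPLE_ENTRIES[name]))
        for p in locs:
            print("   must not exist; parent must not be user-writable:", p)
```

On a real host the input would come from each service's configured ImagePath; any entry the audit reports should be re-registered with the quoted form.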

Seebug

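bulletinFamily: exploit
description: Bugtraq ID: 64520. CVE ID: CVE-2013-6182. EMC Replication Manager is a solution that manages replication technologies through a unified management console and coordinates the entire data replication process. EMC Replication Manager allows scripts whose file paths contain unquoted elements, so a user can create a script containing elements with spaces or other separators that accesses and executes resources in a parent path, which can be used to escalate privileges. 0 EMC Replication Manager. Vendor patch: EMC. EMC Replication Manager 5.5.0 fixes this vulnerability; users are advised to download the update: https://support.emc.com/products/1293
id: SSV:61234
last seen: 2017-11-19
modified: 2013-12-30
published: 2013-12-30
reporter: Root
title: EMC Replication Manager File Path Handling Local Privilege Escalation Vulnerability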