Vulnerabilities > CVE-2014-4634 - Local Privilege Escalation vulnerability in EMC Replication Manager and AppSync

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

emc

NVD

Published: 2014-12-30

Updated: 2015-03-24

Summary

Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. <a href="http://cwe.mitre.org/data/definitions/428.html" target="_blank">CWE-428: Unquoted Search Path or Element</a>

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Appsync 2.0 EMC Replication Manager 5.0 EMC Replication Manager 5.1 EMC Replication Manager 5.2 EMC Replication Manager 5.3 EMC Replication Manager 5.4 EMC Replication Manager 5.4.3 EMC Replication Manager 5.5 EMC Replication Manager 5.5.1 EMC Replication Manager 5.5.2	11

References

http://archives.neohapsis.com/archives/bugtraq/2014-12/0170.html