CVE-2008-5420

Published: Dec 10, 2008Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

Affected (2)

Products: Emc: Control Center

Emc

1 product

Control Center

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Control Center	Up to 6.0
Emc Control Center	Version 5.2 sp5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://osvdb.org/50032

Source: cve@mitre.org

http://secunia.com/advisories/32801

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/4709

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/498556/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/32392

Source: cve@mitre.org

http://www.securitytracker.com/id?1021263

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/3220

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-08-076/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46753

Source: cve@mitre.org

http://osvdb.org/50032