What is CVE-2013-0928?

CVE-2013-0928 is a vulnerability in Emc Alphastor, classified under OS Command Injection. Published 2013-01-21.

Is CVE-2013-0928 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Emc Alphastor

CVE-2013-0928

The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.787 (99.1th percentile) — read the EPSS interpretation.

Affected products

Emc Alphastor — versions 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
security_alert@emc.com (x_refsource_MISC)
57472 (Exploit, vdb-entry, x_refsource_BID)
34756 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2013-0928?: CVE-2013-0928 is a vulnerability in Emc Alphastor, classified under OS Command Injection. Published 2013-01-21.
Is CVE-2013-0928 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.