CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0640

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile6.71th
PublishedFeb 8, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

Affected Platforms (CPE)

πŸ“¦
Symantec

Ghost Solutions Suite

= 1.1
πŸ“¦
Symantec

Ghost Solutions Suite

= 2.0.0
πŸ“¦
Symantec

Ghost Solutions Suite

= 2.0.1

References & Advisories

πŸ”— http://secunia.com/advisories/28853
πŸ”— http://www.securityfocus.com/bid/27644
πŸ”— http://www.securitytracker.com/id?1019356
πŸ”— http://www.symantec.com/avcenter/security/Content/2008.02.07.html
πŸ”— http://www.vupen.com/english/advisories/2008/0474
πŸ”— http://secunia.com/advisories/28853
πŸ”— http://www.securityfocus.com/bid/27644
πŸ”— http://www.securitytracker.com/id?1019356

Related Vulnerabilities

CVE-2016-65907.8

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior ...

CVE-2018-183647.3

Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type...

CVE-2012-03066.8

Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (me...

CVE-2015-56896.8

ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment ...