PT-2015-4702 · Emc · Emc Autostart
Published: 2015-05-07 · Updated: 2016-04-01 · CVE-2015-0538
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
EMC AutoStart versions 5.4.x through 5.5.x before 5.5.0.508 HF4
Description
The issue allows remote attackers to execute arbitrary commands via crafted packets. It involves SQL injection and command injection vulnerabilities in the ftagent.exe component of EMC AutoStart, specifically affecting various opcodes and subcodes, such as Opcode 83 Subcode 22, Opcode 20 Subcode 2060, Opcode 85 Subcode 33, and Opcode 20 Subcode 2219.
Recommendations
For versions 5.4.x through 5.5.x before 5.5.0.508 HF4, update to version 5.5.0.508 HF4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the ftagent.exe component until a patch is applied.
Avoid using the vulnerable opcodes and subcodes in the ftAgent protocol until the issue is resolved.
Fix
Command Injection
Affected Products
Emc Autostart