| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.4 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in EMC AlphaStor 4.0. This affects an unknown function of the file rrobotd.exe of the component DCP Handler. Executing a manipulation can lead to os command injection. The identification of this vulnerability is CVE-2013-0928. Furthermore, there is an exploit available. The affected component should be upgraded.
Details
A vulnerability classified as very critical was found in EMC AlphaStor 4.0. This vulnerability affects an unknown part of the file rrobotd.exe of the component DCP Handler. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
The weakness was shared 01/18/2013 by Aniway.Anyway with Zero Day Initiative as ESA-2012-008 as confirmed mailinglist post (Bugtraq). The advisory is shared for download at seclists.org. This vulnerability was named CVE-2013-0928 since 01/09/2013. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 06/16/2025). The MITRE ATT&CK project declares the attack technique as T1202.
A public exploit has been developed by Metasploit in Ruby and been published 2 years after the advisory. It is possible to download the exploit at securityfocus.com. It is declared as highly functional. As 0-day the estimated underground price was around $25k-$100k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120877 (EMC AlphaStor Multiple Vulnerabilities).
Upgrading to version 4.0 build 800 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 13001.
The vulnerability is also documented in the databases at X-Force (81432), Exploit-DB (34756), SecurityFocus (BID 57472†), OSVDB (89436†) and Secunia (SA51930†). The entries VDB-7443 and VDB-63472 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.dellemc.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.4
VulDB Base Score: 9.8
VulDB Temp Score: 9.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Os command injectionCWE: CWE-78 / CWE-77 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Author: Metasploit
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Saint ID: exploit_info/emc_alphastor_device_manager_cmd_injection
Saint Name: EMC AlphaStor Device Manager Command Injection
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: alphastor_device_manager_exec.rb
MetaSploit Name: EMC AlphaStor Device Manager Opcode 0x75 Command Injection
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: AlphaStor 4.0 build 800
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
01/09/2013 🔍01/18/2013 🔍
01/18/2013 🔍
01/18/2013 🔍
01/18/2013 🔍
01/21/2013 🔍
01/22/2013 🔍
01/22/2013 🔍
01/24/2013 🔍
08/13/2013 🔍
09/24/2014 🔍
09/24/2014 🔍
06/16/2025 🔍
Sources
Vendor: dellemc.comAdvisory: ESA-2012-008
Researcher: Aniway.Anyway
Organization: Zero Day Initiative
Status: Confirmed
CVE: CVE-2013-0928 (🔍)
GCVE (CVE): GCVE-0-2013-0928
GCVE (VulDB): GCVE-100-7444
X-Force: 81432
SecurityFocus: 57472 - EMC AlphaStor Format String and Command Injection Vulnerabilities
Secunia: 51930 - EMC AlphaStor Command Injection and Format String Vulnerabilities, Moderately Critical
OSVDB: 89436
SecurityTracker: 1028020 - EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code
Vulnerability Center: 41003 - EMC AlphaStor 4.0 Before Build 800 Device Manager Allows Remote Code Execution, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 01/24/2013 14:16Updated: 06/16/2025 05:41
Changes: 01/24/2013 14:16 (85), 05/08/2017 09:09 (15), 06/16/2025 05:41 (16)
Complete: 🔍
Committer: olku
Cache ID: 216:32C:103
No comments yet. Languages: en.
Please log in to comment.