Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-2155

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 May, 2006 | 10:00
Updated At-07 Aug, 2024 | 17:43
Rejected At-
Credits

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 May, 2006 | 10:00
Updated At:07 Aug, 2024 | 17:43
Rejected At:
▼CVE Numbering Authority (CNA)

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2006/1612
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/19850
third-party-advisory
x_refsource_SECUNIA
http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2006/1612
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/19850
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2006/1612
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/19850
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/1612
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/19850
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 May, 2006 | 10:02
Updated At:03 Apr, 2025 | 01:03

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
ELAN Microelectronics Corporation
emc
>>retrospect>>Versions up to 6.5(inclusive)
cpe:2.3:a:emc:retrospect:*:*:windows:*:*:*:*:*
ELAN Microelectronics Corporation
emc
>>retrospect>>Versions up to 7.0(inclusive)
cpe:2.3:a:emc:retrospect:*:*:windows:*:*:*:*:*
ELAN Microelectronics Corporation
emc
>>retrospect>>Versions up to 7.5(inclusive)
cpe:2.3:a:emc:retrospect:*:*:windows:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Retrospect 7.5: Apply Retrospect Driver Update 7.5.1.105. http://ftp.dantz.com/pub/updates/ru751105.exe Retrospect 7.0: Apply Application Security Update 7.0.344 (requires Retrospect 7.0.326 or Retrospect Express 7.0.301). http://download.dantz.com/archives/Retro-EN_7_0_344.exe Retrospect 6.5: Apply Application Security Update 6.5.382 (requires Retrospect 6.5.350 or Retrospect Express 6.5.350). http://download.dantz.com/archives/Retro-EN_6_5_382.exe

Vendor Statements
References
HyperlinkSourceResource
http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324cve@mitre.org
N/A
http://secunia.com/advisories/19850cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1612cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/26227cve@mitre.org
N/A
http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19850af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1612af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/26227af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/19850
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2006/1612
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19850
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2006/1612
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2002-0114
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 20.65%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-networkern/a
CVE-2002-0113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 14.94%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-networkern/a
CVE-2016-9867
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.85%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-scaleioEMC ScaleIO versions before 2.0.1.1
CVE-2016-8214
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-25 Jan, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-avamar_virtual_editionavamar_data_storeEMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1
CVE-2018-11080
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 22:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-secure_remote_servicesESRS Virtual Edition
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2014-4634
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 18.92%
||
7 Day CHG~0.00%
Published-30 Dec, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-replication_managerappsyncn/a
Details not found