Executive Summary

Title: EMC AutoStart is vulnerable to remote code execution via specially crafted packets
Name: VU#581276
First vendor Publication: 2015-04-30
Vendor: VU-CERT
Last vendor Modification: 2015-04-30
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required


Vulnerability Note VU#581276

EMC AutoStart is vulnerable to remote code execution via specially crafted packets

Original Release date: 30 Apr 2015 | Last revised: 30 Apr 2015


EMC AutoStart, version 5.5.0 and earlier, is vulnerable to remote command execution via specially crafted packets.


EMC AutoStart is an enterprise software application developed to help networks and services maintain a high level of availability. AutoStart can manage clusters of applications or nodes as well as single instances.

Affected versions of EMC AutoStart fail to communicate securely between nodes, leading to the possibility of packet injection. Remote code execution with SYSTEM or root privileges is possible for attackers with knowledge of the AutoStart domain name. By sending crafted packets to the ftagent running on the remote system, it is possible to run commands to write and execute data to an absolute or relative file path on the remote system.


A remote, unauthenticated user may be able to execute arbitrary commands with SYSTEM or root privileges.


Apply an update

EMC has released an update (HF4) to address this vulnerability. Please contact EMC Technical Support to request the hot fix (reference hotfix 1073, service alert 1078). Affected users should update to the latest version as soon as possible.

Use a firewall to limit access

System administrators can set the system firewall to limit TCP port 8045 access to known good systems that run the EMC AutoStart controller application.
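
An added example of this mitigation, not taken from the advisory or from EMC: a shell function that prints (without applying) iptables commands restricting TCP port 8045 to an allowlist of source addresses. The chain name AUTOSTART-FTAGENT, the function names and the IPv4-only validation are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit (do not apply) iptables commands for review.
FTAGENT_PORT=8045            # TCP port named in the advisory
CHAIN=AUTOSTART-FTAGENT      # hypothetical chain name chosen for this example

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: ftagent_rules ADDR [ADDR...]
# e.g.   ftagent_rules 192.0.2.10 198.51.100.0/24   (constructed sample addresses)
# Prints the commands on stdout; on bad input prints nothing there and fails.
ftagent_rules() {
    # An empty allowlist would leave only the DROP rule and cut off every peer.
    if [ "$#" -eq 0 ]; then
        echo "refusing to emit a rule set with an empty allowlist" >&2
        return 1
    fi
    # Validate everything first so a partial rule set is never emitted.
    for addr in "$@"; do
        if ! valid_ipv4 "$addr"; then
            echo "invalid IPv4 address or CIDR: $addr" >&2
            return 1
        fi
    done
    echo "iptables -N $CHAIN"
    for addr in "$@"; do
        echo "iptables -A $CHAIN -s $addr -j ACCEPT"
    done
    # Anything not explicitly allowlisted is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Insert at position 1 so no earlier INPUT rule can accept the traffic first.
    echo "iptables -I INPUT 1 -p tcp --dport $FTAGENT_PORT -j $CHAIN"
}
```

Review the printed commands before running them as root, and note that IPv6 traffic needs an equivalent ip6tables rule set.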

Vendor Information

Vendor: EMC Corporation
Status: Affected
Date Notified: 08 Sep 2014
Date Updated: 28 Apr 2015




  • http://www.emc.com/storage/autostart.htm


Thanks to the reporter who wishes to remain anonymous.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-0538
  • Date Public: 30 Apr 2015
  • Date First Published: 30 Apr 2015
  • Date Last Updated: 30 Apr 2015
  • Document Revision: 38



Original Source

Url : http://www.kb.cert.org/vuls/id/581276

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

Application 8

Snort® IPS/IDS

Date Description
2015-09-15 EMC AutoStart ftagent SQL injection attempt
RuleID : 35541 - Revision : 3 - Type : SERVER-OTHER
2015-09-15 EMC AutoStart ftagent SQL injection attempt
RuleID : 35540 - Revision : 2 - Type : SERVER-OTHER
2015-09-15 EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt
RuleID : 35539 - Revision : 2 - Type : POLICY-OTHER
2015-09-15 EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt
RuleID : 35538 - Revision : 2 - Type : POLICY-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-05-14 Name : The remote host is affected by a remote code execution vulnerability.
File : emc_autostart_ftagent_esa-2015-084.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2015-05-15 13:29:17
  • Multiple Updates
2015-05-07 21:27:20
  • Multiple Updates
2015-05-07 09:28:23
  • Multiple Updates
2015-05-01 00:24:45
  • First insertion