{"api_version":"1","generated_at":"2026-04-23T21:00:11+00:00","cve":"CVE-2008-0640","urls":{"html":"https://cve.report/CVE-2008-0640","api":"https://cve.report/api/cve/CVE-2008-0640.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0640","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0640"},"summary":{"title":"CVE-2008-0640","description":"Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-02-08 02:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2008/0474","name":"http://www.vupen.com/english/advisories/2008/0474","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28853","name":"http://secunia.com/advisories/28853","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Symantec Ghost Solution Suite Client Command Execution Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27644","name":"http://www.securityfocus.com/bid/27644","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1019356","name":"http://www.securitytracker.com/id?1019356","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Symantec Ghost Solution Suite Authentication Bug Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.symantec.com/avcenter/security/Content/2008.02.07.html","name":"http://www.symantec.com/avcenter/security/Content/2008.02.07.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0640","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0640","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"640","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"ghost_solutions_suite","cpe6":"1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"640","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"ghost_solutions_suite","cpe6":"2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"640","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"ghost_solutions_suite","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T07:54:22.594Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"28853","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28853"},{"name":"ADV-2008-0474","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0474"},{"name":"1019356","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019356"},{"name":"27644","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27644"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/avcenter/security/Content/2008.02.07.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-02-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2008-02-13T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"28853","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28853"},{"name":"ADV-2008-0474","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0474"},{"name":"1019356","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019356"},{"name":"27644","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27644"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/avcenter/security/Content/2008.02.07.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0640","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"28853","refsource":"SECUNIA","url":"http://secunia.com/advisories/28853"},{"name":"ADV-2008-0474","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0474"},{"name":"1019356","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019356"},{"name":"27644","refsource":"BID","url":"http://www.securityfocus.com/bid/27644"},{"name":"http://www.symantec.com/avcenter/security/Content/2008.02.07.html","refsource":"CONFIRM","url":"http://www.symantec.com/avcenter/security/Content/2008.02.07.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-0640","datePublished":"2008-02-08T01:00:00.000Z","dateReserved":"2008-02-06T00:00:00.000Z","dateUpdated":"2024-08-07T07:54:22.594Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-02-08 02:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:ghost_solutions_suite:1.1:*:*:*:*:*:*:*","matchCriteriaId":"8A66AA7A-B410-45E8-8BB0-1F349BB30422"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:ghost_solutions_suite:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"27FA37CC-D408-4213-8A3F-C46C97008E33"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BFEA8748-EE69-4803-96B1-9359F45022C7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"640","Ordinal":"1","Title":"CVE-2008-0640","CVE":"CVE-2008-0640","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"640","Ordinal":"1","NoteData":"Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.","Type":"Description","Title":"CVE-2008-0640"},{"CveYear":"2008","CveId":"640","Ordinal":"2","NoteData":"2008-02-07","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"640","Ordinal":"3","NoteData":"2008-02-13","Type":"Other","Title":"Modified"}]}}}