Emc Networker vulnerabilities
19 known vulnerabilities affecting emc/networker.
Total CVEs
19
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH7MEDIUM5LOW1
Vulnerabilities
Page 1 of 1
CVE-2012-2288P2CRITICALCVSS 9.3PoCv7.6.3v7.6.4+1 more2012-09-04
CVE-2012-2288 [CRITICAL] CWE-134 CVE-2012-2288: Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1,
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
nvd
CVE-2016-0916P2CRITICALCVSS 9.8≥ 8.2.1.0, ≤ 8.2.1.8≥ 8.2.2.0, < 8.2.2.6+1 more2016-06-10
CVE-2016-0916 [CRITICAL] CWE-287 CVE-2016-0916: EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, w
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
nvd
CVE-2017-15548P2CRITICALCVSS 9.8v9.0v9.1+1 more2018-01-05
CVE-2017-15548 [CRITICAL] CWE-287 CVE-2017-15548: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtua
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
nvd
CVE-2017-15550P3HIGHCVSS 8.8v9.0v9.1+1 more2018-01-05
CVE-2017-15550 [HIGH] CWE-22 CVE-2017-15550: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtua
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application v
nvd
CVE-2006-3892P3CRITICALCVSS 10.0v7.3.22007-03-02
CVE-2006-3892 [CRITICAL] CVE-2006-3892: The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
nvd
CVE-2017-15549P3HIGHCVSS 8.8v9.0v9.1+1 more2018-01-05
CVE-2017-15549 [HIGH] CWE-434 CVE-2017-15549: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtua
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
nvd
CVE-2017-8022P3HIGHCVSS 8.1≤ 8.2.4.8v9.0.0.3+23 more2017-10-18
CVE-2017-8022 [HIGH] CWE-119 CVE-2017-8022: An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cau
nvd
CVE-2012-4607P3CRITICALCVSS 9.3v7.5v7.5.2.0+46 more2013-01-17
CVE-2012-4607 [CRITICAL] CWE-119 CVE-2012-4607: Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6,
Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.
nvd
CVE-2012-0395P3CRITICALCVSS 9.3v7.5v7.5.2.0+30 more2012-01-27
CVE-2012-0395 [CRITICAL] CWE-119 CVE-2012-0395: Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release b
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
nvd
CVE-2015-6849P3HIGHCVSS 7.8v8.0.4.4v8.1.0.0+47 more2015-12-05
CVE-2015-6849 [HIGH] CWE-20 CVE-2015-6849: EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 a
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
nvd
CVE-2011-0321P4MEDIUMCVSS 6.4≤ 7.5v6.0+19 more2011-02-01
CVE-2011-0321 [MEDIUM] CWE-264 CVE-2011-0321: librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from inter
nvd
CVE-2001-0910P4HIGHCVSS 7.5v6.02001-11-21
CVE-2001-0910 [HIGH] CVE-2001-0910: Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privilege
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
nvd
CVE-2015-0530P4HIGHCVSS 7.2≤ 8.0.4.3v8.1.0.0+30 more2015-04-17
CVE-2015-0530 [HIGH] CWE-119 CVE-2015-0530: Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
nvd
CVE-2013-0940P4HIGHCVSS 7.2≤ 7.6.5.2v6.0+60 more2013-05-03
CVE-2013-0940 [HIGH] CWE-264 CVE-2013-0940: The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak p
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
nvd
CVE-2011-1421P4MEDIUMCVSS 6.9v7.5.2.0v7.5.2.1+26 more2011-04-22
CVE-2011-1421 [MEDIUM] CWE-264 CVE-2011-1421: EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.
nvd
CVE-2013-3285P4LOWCVSS 3.5v8.0v8.0.0.1+12 more2013-11-02
CVE-2013-3285 [LOW] CWE-310 CVE-2013-3285: The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Dire
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
nvd
CVE-2013-0943P4MEDIUMCVSS 4.6v7.6v7.6.0.2+39 more2013-07-31
CVE-2013-0943 [MEDIUM] CWE-200 CVE-2013-0943: EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration informat
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
nvd
CVE-2002-0114P4MEDIUMCVSS 4.6v6.12002-03-25
CVE-2002-0114 [MEDIUM] CVE-2002-0114: EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
nvd
CVE-2002-0113P4MEDIUMCVSS 4.6v6.12002-03-25
CVE-2002-0113 [MEDIUM] CVE-2002-0113: EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory wi
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
nvd