Remote code execution

2019-04-0121:29:00

PRIOn knowledge base

www.prio-n.com

9.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

CPENameOperatorVersion
emc_networkerge8.2.0.0
emc_networkerlt8.2.4.11
emc_networkerge9.1.0.0
emc_networkerlt9.1.1.5
emc_networkerge9.0.0.0
emc_networkerle9.0.1.9
emc_networkerge9.2.0.0
emc_networkerlt9.2.1.0

Name	Operator	Version
emc_networker	ge	8.2.0.0
emc_networker	lt	8.2.4.11
emc_networker	ge	9.1.0.0
emc_networker	lt	9.1.1.5
emc_networker	ge	9.0.0.0
emc_networker	le	9.0.1.9
emc_networker	ge	9.2.0.0
emc_networker	lt	9.2.1.0

References

www.securityfocus.com/bid/107712

seclists.org/fulldisclosure/2019/Mar/50