CVE-2016-0916

Properties

Published:
08.06.2016
Updated:
25.06.2016
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
emc: networker
emc: networker
emc: networker

Vulnerability description

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.

References:

SECTRACK: http://www.securitytracker.com/id/1036075
BUGTRAQ: http://seclists.org/bugtraq/2016/Jun/43
MISC: http://packetstormsecurity.com/files/137382/EMC-NetWorker-8.2.1.0-Remote-Code-Execution.html