cnvd - cnvd-2019-08292

CNVD-2019-08292

Vulnerability from cnvd - Published: 2019-03-28

Title

Dell EMC NetWorker远程代码执行漏洞

Description

Dell EMC NetWorker是美国戴尔（Dell）公司的一套统一备份和恢复软件。该软件提供备份与恢复、消除重复数据、备份报告等功能。 Dell EMC NetWorker中的Networker Client execution服务（nsrexecd）存在安全漏洞。远程攻击者可借助RPC服务利用该漏洞发送并在主机系统上以nsrexecd服务权限执行任意命令。

Severity

高

Patch Name

Dell EMC NetWorker远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.dellemc.com/

Reference

https://packetstormsecurity.com/files/152245/EMC-Networker-Remote-Code-Execution.html

Impacted products

Name
['Dell EMC NetWorker 9.0.', 'Dell EMC NetWorker 8.2.', 'Dell EMC NetWorker <9.1.1.5', 'Dell EMC NetWorker <9.2.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8023"
    }
  },
  "description": "Dell EMC NetWorker\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u5957\u7edf\u4e00\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u5907\u4efd\u4e0e\u6062\u590d\u3001\u6d88\u9664\u91cd\u590d\u6570\u636e\u3001\u5907\u4efd\u62a5\u544a\u7b49\u529f\u80fd\u3002\n\nDell EMC NetWorker\u4e2d\u7684Networker Client execution\u670d\u52a1\uff08nsrexecd\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9RPC\u670d\u52a1\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u9001\u5e76\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u4ee5nsrexecd\u670d\u52a1\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.dellemc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-08292",
  "openTime": "2019-03-28",
  "patchDescription": "Dell EMC NetWorker\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u5957\u7edf\u4e00\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u5907\u4efd\u4e0e\u6062\u590d\u3001\u6d88\u9664\u91cd\u590d\u6570\u636e\u3001\u5907\u4efd\u62a5\u544a\u7b49\u529f\u80fd\u3002\r\n\r\nDell EMC NetWorker\u4e2d\u7684Networker Client execution\u670d\u52a1\uff08nsrexecd\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9RPC\u670d\u52a1\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u9001\u5e76\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u4ee5nsrexecd\u670d\u52a1\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC NetWorker\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC NetWorker 9.0.*",
      "Dell EMC NetWorker 8.2.*",
      "Dell EMC NetWorker \u003c9.1.1.5",
      "Dell EMC NetWorker \u003c9.2.1"
    ]
  },
  "referenceLink": "https://packetstormsecurity.com/files/152245/EMC-Networker-Remote-Code-Execution.html",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-28",
  "title": "Dell EMC NetWorker\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-8023 (GCVE-0-2017-8023)

Vulnerability from cvelistv5 – Published: 2019-04-01 20:54 – Updated: 2024-09-16 17:19

Title

EMC Networker Remote Code Execution Vulnerability

Summary

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution Vulnerability

Assigner

dell

References

URL

Tags

	https://seclists.org/fulldisclosure/2019/Mar/50	x_refsource_MISC
	http://www.securityfocus.com/bid/107712	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Dell EMC	Networker	Affected: 8.2.X Affected: 9.0.X Affected: unspecified , < 9.1.15 (custom) Affected: unspecified , < 9.2.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2019/Mar/50"
          },
          {
            "name": "107712",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107712"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Networker",
          "vendor": "Dell EMC",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.X"
            },
            {
              "status": "affected",
              "version": "9.0.X"
            },
            {
              "lessThan": "9.1.15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-04T06:06:07",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2019/Mar/50"
        },
        {
          "name": "107712",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107712"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "EMC Networker Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2019-03-26T04:00:00.000Z",
          "ID": "CVE-2017-8023",
          "STATE": "PUBLIC",
          "TITLE": "EMC Networker Remote Code Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Networker",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.2.X"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.X"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.1.15"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://seclists.org/fulldisclosure/2019/Mar/50",
              "refsource": "MISC",
              "url": "https://seclists.org/fulldisclosure/2019/Mar/50"
            },
            {
              "name": "107712",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107712"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8023",
    "datePublished": "2019-04-01T20:54:47.193333Z",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-09-16T17:19:13.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-08292

CVE-2017-8023 (GCVE-0-2017-8023)

Tags

Sightings

Nomenclature