CVE-2001-0910 - Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privilege

CVE-2001-0910

Summary

Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.

References

http://marc.info/?l=bugtraq&m=100638782917917&w=2
http://www.securityfocus.com/bid/3564
https://exchange.xforce.ibmcloud.com/vulnerabilities/7601

Vulnerable Configurations

cpe:2.3:a:emc:networker:6.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:networker:6.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3564
bugtraq	20011121 Legato Networker vulnerability
xf	networker-reverse-dns-bypass-auth(7601)

Last major update

19-12-2017 - 02:29

Published

21-11-2001 - 05:00

Last modified

19-12-2017 - 02:29