ID CVE-2005-0358
Summary EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
References
Vulnerable Configurations
  • cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*
    cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 14582
cert-vn VU#407641
confirm http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
osvdb 18801
sectrack 1014713
secunia
  • 16464
  • 16470
sunalert 101886
xf legato-token-gain-privileges(21892)
Last major update 11-07-2017 - 01:32
Published 23-08-2005 - 04:00
Last modified 11-07-2017 - 01:32
Back to Top