CVE-2017-8022 (GCVE-0-2017-8022)
Vulnerability from cvelistv5
Published
2017-10-18 15:00
Modified
2024-08-05 16:19
Severity ?
CWE
  • Buffer Overflow Vulnerability
Summary
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.
References
security_alert@emc.comhttp://seclists.org/fulldisclosure/2017/Oct/35Mailing List, Third Party Advisory
security_alert@emc.comhttp://www.securitytracker.com/id/1039583Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2017/Oct/35Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039583Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
n/a EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4 Version: EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039583",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039583"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Oct/35"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1039583",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039583"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Oct/35"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039583",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039583"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Oct/35",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Oct/35"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8022",
    "datePublished": "2017-10-18T15:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8022\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-10-18T15:29:00.737\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en EMC NetWorker (versiones anteriores a la 8.2.4.9, todas las versiones 9.0.x con soporte, las anteriores a la 9.1.1.3 y las anteriores a la 9.2.0.4). El servicio Server (nsrd) se ha visto afectado por una vulnerabilidad de desbordamiento de b\u00fafer. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en instalaciones vulnerables del software o provocar una denegaci\u00f3n de servicio, dependiendo de la plataforma del sistema objetivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.2.4.8\",\"matchCriteriaId\":\"504CDC85-F6DE-4995-B19E-4E29D0B004A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320CDE7C-254C-465E-AB1C-EB2705098A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"973EACF3-9A27-4384-A32B-AF3C94E2C016\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A694E8-43C7-4521-BB4F-69874553F495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8D29803-7F5B-4A55-AE34-B77B49AAB3FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643079B8-7074-40DB-A8CC-D15E8408E34E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4282310-F646-485D-82F3-26D5F545A999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"922E6EAD-B2EE-4593-8B92-0496FFB7E40F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB3193D3-5B8F-4D6B-9904-29F231D48574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB6F04FD-B8B7-4A44-B0F1-F6E999E66937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F604839-43F3-4F85-B45E-EE63924E1A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C00A1A-2E11-45D7-9E83-D64F24F81299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6DF1A99-B5D8-46C4-A291-D3CB55A95E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80A9C4B4-CE28-45A8-93DD-9CD833082237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C648EF3C-1C68-4A6E-A9F4-C0EE10FDE9F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E715F74F-EEE5-45AB-B7D0-FEBB23F029CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2870EA3-D157-4584-9052-D8BD84FBFB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9BAC60D-694D-4D82-B8F8-3E12F7B54DB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1740DEF3-E880-4D0A-8FB3-919108AC79CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3DF4BA6-AD34-48E2-80ED-1FD60ABD41C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA35C1C-42F8-4DDF-B946-23BB751E8BBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03FF8B7F-4E88-4903-87BC-9381BE7753A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B01B7004-6EC2-4D97-B416-9F878C8BBB33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C26184C-AC7A-4B13-8774-8F5385D3487A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E05EA1-EBD2-4A56-A0DF-670442FCDD2F\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Oct/35\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1039583\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Oct/35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1039583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.