CVE-2011-0647

EMC Replication Manager < 5.2.3 - Improper Input Validation

Title source: rule

Description

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/41704

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Unknown, Davy Douhine · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/emc/replication_manager_exec.rb

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/43164

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0304

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-11-061/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/516260

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/516282/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46235

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65205

[Third Party Advisory, VDB Entry] http://osvdb.org/70853

Scores

EPSS 0.7316

EPSS Percentile 98.8%

Classification

CWE

CWE-20

Status draft

Affected Products (6)

emc/replication_manager < 5.2.3

emc/replication_manager

emc/networker_module

Timeline

Published Feb 10, 2011

Tracked Since Feb 18, 2026