CVE-2017-8022

HIGH

EMC NetWorker < 8.2.4.9, 9.0.x, < 9.1.1.3, < 9.2.0.4 - Remote Code Execution via Buffer Overflow in nsrd

Title source: llm
STIX 2.1

Description

An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039583
Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2017/Oct/35

Scores

CVSS v3 8.1
EPSS 0.0182
EPSS Percentile 83.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (26)
emc/networker 9.0.0.3
emc/networker 9.0.0.4
emc/networker 9.0.0.5
emc/networker 9.0.0.6
emc/networker 9.0.0.7
emc/networker 9.0.0.8
emc/networker 9.0.1.1
emc/networker 9.0.1.2
emc/networker 9.0.1.3
emc/networker 9.0.1.4
... and 16 more
Published Oct 18, 2017
Tracked Since Feb 18, 2026