CVE-2017-8023

CRITICAL

Dell EMC NetWorker 8.2.0.0-8.2.4.11 - Unauthenticated Remote Code Execution via RPC Service

Title source: llm
STIX 2.1

Description

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2019/Mar/50
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107712

Scores

CVSS v3 9.8
EPSS 0.1065
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
dell/emc_networker 8.2.0.0 - 8.2.4.11
Published Apr 01, 2019
Tracked Since Feb 18, 2026