CVE-2013-0943

EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 3.1 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:networker:7.6:::::::*
	cpe:2.3:a:emc:networker:7.6:sp1::::::
	cpe:2.3:a:emc:networker:7.6:sp2::::::
	cpe:2.3:a:emc:networker:7.6.0.2:::::::*
	cpe:2.3:a:emc:networker:7.6.0.3:::::::*
	cpe:2.3:a:emc:networker:7.6.0.4:::::::*
	cpe:2.3:a:emc:networker:7.6.0.5:::::::*
	cpe:2.3:a:emc:networker:7.6.0.6:::::::*
	cpe:2.3:a:emc:networker:7.6.0.7:::::::*
	cpe:2.3:a:emc:networker:7.6.0.8:::::::*
	cpe:2.3:a:emc:networker:7.6.0.9:::::::*
	cpe:2.3:a:emc:networker:7.6.1:::::::*
	cpe:2.3:a:emc:networker:7.6.1.1:::::::*
	cpe:2.3:a:emc:networker:7.6.1.2:::::::*
	cpe:2.3:a:emc:networker:7.6.1.3:::::::*
	cpe:2.3:a:emc:networker:7.6.1.4:::::::*
	cpe:2.3:a:emc:networker:7.6.1.5:::::::*
	cpe:2.3:a:emc:networker:7.6.3:::::::*
	cpe:2.3:a:emc:networker:7.6.4:::::::*
	cpe:2.3:a:emc:networker:7.6.4.1:::::::*
	cpe:2.3:a:emc:networker:7.6.4.2:::::::*
	cpe:2.3:a:emc:networker:7.6.4.3:::::::*
	cpe:2.3:a:emc:networker:7.6.4.4:::::::*
	cpe:2.3:a:emc:networker:7.6.4.5:::::::*
	cpe:2.3:a:emc:networker:7.6.5:::::::*
	cpe:2.3:a:emc:networker:7.6.5.2:::::::*
	cpe:2.3:a:emc:networker:7.6.5.3:::::::*
	cpe:2.3:a:emc:networker:7.6.5.4:::::::*
	cpe:2.3:a:emc:networker:7.6.5.5:::::::*
	cpe:2.3:a:emc:networker:7.6.5.6:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:emc:networker:8.0:::::::*
	cpe:2.3:a:emc:networker:8.0.0.1:::::::*
	cpe:2.3:a:emc:networker:8.0.0.2:::::::*
	cpe:2.3:a:emc:networker:8.0.0.3:::::::*
	cpe:2.3:a:emc:networker:8.0.0.4:::::::*
	cpe:2.3:a:emc:networker:8.0.0.5:::::::*
	cpe:2.3:a:emc:networker:8.0.0.6:::::::*
	cpe:2.3:a:emc:networker:8.0.1.3:::::::*
	cpe:2.3:a:emc:networker:8.0.1.4:::::::*
	cpe:2.3:a:emc:networker:8.0.1.5:::::::*
	cpe:2.3:a:emc:networker:8.0.1.6:::::::*
	cpe:2.3:a:emc:networker:8.0.2.0:::::::*
	cpe:2.3:a:emc:networker:8.0.2.1:::::::*

History

No history.

Information

Published : 2013-07-31 13:20

Updated : 2013-07-31 13:20

NVD link : CVE-2013-0943

Mitre link : CVE-2013-0943

CVE.ORG link : CVE-2013-0943

JSON object : View

Products Affected

emc

networker

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-0943", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-31T13:20:24.137", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html", "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin."}, {"lang": "es", "value": "EMC NetWorker 7.6.x y 8.x anterior a 8.1, permite a usuarios locales obtener informaci\u00f3n sensible de la configuraci\u00f3n aprovechando los privilegios del sistema operativo para realizar un descifrado con nsradmin."}], "lastModified": "2013-07-31T13:20:24.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:networker:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72846905-B210-4FC5-9B33-44901DEEFE37"}, {"criteria": "cpe:2.3:a:emc:networker:7.6:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89324C33-21D3-463A-9C52-C495F3DC3CD7"}, {"criteria": "cpe:2.3:a:emc:networker:7.6:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C13D9451-34DA-42FA-BC1E-2AEBB903B480"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D87038FD-8115-4024-AB82-EFB0EF5B1C98"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "985DDA57-DA2C-4EC7-BD42-F0B5E190DBF8"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2CFD5DF-BCD0-46C6-B18E-60465A6318BA"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D68C4BE8-A053-46F3-B9F3-DDE3451F30B0"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2335F8A5-30E3-4452-8FFA-1ED185917313"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A22B0B-E8C4-47AB-B276-E8E38BDDE818"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA7C02D-DA10-4B9D-83C9-98BBE81E6166"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "121F391B-295D-4684-A7F4-C91C57033532"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B8771B6-D668-47B7-B114-E6E111A2A322"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D8BE130-4CA6-4690-AB01-59A50EB8B997"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECE180DF-44A3-49FA-865E-774D51E2F574"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EFDC5AA-A5F9-4F98-88CA-E83323C26255"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "731868F9-F611-442B-85B6-8E5C7A963DBA"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E27C64B9-83B9-44D9-A3FA-3B93867B086C"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADBD90BD-A1F7-45D6-9BD3-19AF88FD6087"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEF6BADD-1761-4F58-8FE6-34824D36A42A"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DB455DF-F7F5-4534-A854-BB61604DDD5E"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE098A5-18F8-43F1-967D-5FB1A4213BAE"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C4DA434-8078-4E3D-84C9-6338B6860CE2"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0A517A5-86EC-4ACD-9120-9855FD4A66F8"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945BBBE4-ACC1-4FD9-9147-2C3AD6AEBAD3"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF979EA7-ADAF-4F5E-834A-16571BF7FF02"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE474B05-A028-4166-915F-96738CA18F87"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFB839A7-524B-4E16-93E2-20223E409D73"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7979286C-889B-4403-A624-6BA997B1F9E4"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04A5F456-4351-403B-BB2B-13F82C8A61B3"}, {"criteria": "cpe:2.3:a:emc:networker:7.6.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBEE7E63-28F7-47F4-9111-5837BF5BE142"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:networker:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83625C74-9A2C-406D-A72F-98057C626180"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C918819-AE64-4C02-BDFD-44A7950260E2"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D67F8C96-D9A8-4EBC-909D-8D5076F72C5F"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D89D53E-767D-43D6-822A-418297C7349C"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B59F4C75-D6C7-4D9F-A3B5-311DA1D59F25"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3601F4F-FAA4-4B88-8B39-3E8DCCDC621F"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "408E3FBD-64BF-4E37-9FA2-C9FC69A2D5F0"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A95340F-8259-4471-A288-3046D67EDE5A"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87F69CAF-0E54-45EF-9063-6FDCFA2A0BD0"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A990F8EA-B69D-458B-8433-41BA5118D57B"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3875F1DF-21A9-4F50-8F01-D55AFD725094"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9084EB-5D75-477D-AF31-BDC174B1A23C"}, {"criteria": "cpe:2.3:a:emc:networker:8.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A851B4E-C9CB-4580-BFD9-4A28EA9E3859"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}

4.6 /10