CVE-2007-2361 : Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExe

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.

Published 2007-04-30 22:19:00

Updated 2017-07-29 01:31:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-2361

Symantec » Norton Ghost » Version: 10.0 Norton System Works Edition
cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*
Matching versions
Symantec » Norton Ghost » Version: 10.01
cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*
Matching versions
Symantec » Norton Ghost » Version: 10.0
cpe:2.3:a:symantec:norton_ghost:10.0:*:*:*:*:*:*:*
Matching versions
Symantec » Norton Ghost » Version: 10.0 Dell Edition
cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*
Matching versions
Symantec » Backupexec System Recovery » Version: 6.52
cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*
Matching versions
Symantec » Backupexec System Recovery » Version: 6.52a
cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*
Matching versions
Symantec » Backupexec System Recovery » Version: 6.5
cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*
Matching versions
Symantec » Backupexec System Recovery » Version: 6.53
cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*
Matching versions
Symantec » Livestate Recovery » Version: 6.0
cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*
Matching versions
Symantec » Livestate Recovery » Version: 6.01
cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*
Matching versions
Symantec » Livestate Recovery » Version: 6.02
cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*
Matching versions
Symantec » Norton Save And Recovery » Version: 11.01b
cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*
Matching versions
Symantec » Norton Save And Recovery » Version: 1.01 Sony Euro Edition
cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*
Matching versions
Symantec » Norton Save And Recovery » Version: 1.01b Norton System Works 2007 Edition
cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*
Matching versions
Symantec » Norton Save And Recovery » Version: 11.0
cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*
Matching versions
Symantec » Norton Save And Recovery » Version: 11.01
cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-2361

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-2361

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:C/I:N/A:N	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2007-2361

Jump to

Vulnerability Details : CVE-2007-2361

Products affected by CVE-2007-2361

Exploit prediction scoring system (EPSS) score for CVE-2007-2361

CVSS scores for CVE-2007-2361

References for CVE-2007-2361