Vulnerability Details : CVE-2017-8023
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.
Vulnerability category: Execute codeBypassGain privilege
Products affected by CVE-2017-8023
- cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8023
17.99%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8023
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Dell |
CWE ids for CVE-2017-8023
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8023
-
http://www.securityfocus.com/bid/107712
Dell EMC NetWorker CVE-2017-8023 Remote Code Execution Vulnerability
-
https://seclists.org/fulldisclosure/2019/Mar/50
Full Disclosure: ESA-2017-123: EMC Networker Remote Code Execution VulnerabilityMailing List;Third Party Advisory
Jump to