Buffer overflow in EMC NetWorker Server - CVE-2017-8022
Published: October 17, 2017 / Updated: October 17, 2017
Vulnerability identifier: #VU8848
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-8022
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC NetWorker Server
EMC NetWorker Server
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to buffer overflow in the EMC NetWorker Server service (nsrd) when handling malicious input. A remote attacker can send specially crafted data, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2017-8022
The vulnerability is addressed in the following versions: 8.2.4.9, 9.1.1.3, 9.2.0.4.