Lucene search

CertccCVE-2005-0358

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-0358

2005-08-2304:00:00

certcc

web.nvd.nist.gov

emc

legato networker

solstice backup

storedge

enterprise backup

authentication

vulnerability

cve-2005-0358

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.033

Percentile

91.3%

JSON

EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.

Affected configurations

Nvd

Node

emclegato_networkerMatch4.2.2

emclegato_networkerMatch6.0

emclegato_networkerMatch6.1

emclegato_networkerMatch7.2

emclegato_networkerMatch7.13

sunsolstice_backupMatch6.0

sunsolstice_backupMatch6.1

sunstoredge_enterprise_backup_softwareMatch7.0

sunstoredge_enterprise_backup_softwareMatch7.1

sunstoredge_enterprise_backup_softwareMatch7.2

VendorProductVersionCPE
emclegato_networker4.2.2cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*
emclegato_networker6.0cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*
emclegato_networker6.1cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*
emclegato_networker7.2cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*
emclegato_networker7.13cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*
sunsolstice_backup6.0cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*
sunsolstice_backup6.1cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.0cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.1cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.2cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	legato_networker	4.2.2	cpe:2.3:a:emc:legato_networker:4.2.2:::::::*
emc	legato_networker	6.0	cpe:2.3:a:emc:legato_networker:6.0:::::::*
emc	legato_networker	6.1	cpe:2.3:a:emc:legato_networker:6.1:::::::*
emc	legato_networker	7.2	cpe:2.3:a:emc:legato_networker:7.2:::::::*
emc	legato_networker	7.13	cpe:2.3:a:emc:legato_networker:7.13:::::::*
sun	solstice_backup	6.0	cpe:2.3:a:sun:solstice_backup:6.0:::::::*
sun	solstice_backup	6.1	cpe:2.3:a:sun:solstice_backup:6.1:::::::*
sun	storedge_enterprise_backup_software	7.0	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:::::::*
sun	storedge_enterprise_backup_software	7.1	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:::::::*
sun	storedge_enterprise_backup_software	7.2	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:::::::*

References

secunia.com/advisories/16464

secunia.com/advisories/16470

securitytracker.com/id?1014713

sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1

www.kb.cert.org/vuls/id/407641

www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm

www.osvdb.org/18801

www.securityfocus.com/bid/14582

exchange.xforce.ibmcloud.com/vulnerabilities/21892

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.033

Percentile

91.3%

JSON

Related for CVE-2005-0358