CVE-2012-2290

2012-10-1817:55:01

CWE-94

[email protected]

web.nvd.nist.gov

emc

networker

microsoft applications

nmm

cve-2012-2290

remote code execution

tcp channel

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.068 Low

EPSS

Percentile

93.9%

JSON

The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.

Affected configurations

NVD

Node

emcnetworker_module_for_microsoft_applicationsMatch2.2.1

emcnetworker_module_for_microsoft_applicationsMatch2.3

emcnetworker_module_for_microsoft_applicationsMatch2.4

CPENameOperatorVersion
emc:networker_module_for_microsoft_applicationsemc networker module for microsoft applicationseq2.2.1
emc:networker_module_for_microsoft_applicationsemc networker module for microsoft applicationseq2.3
emc:networker_module_for_microsoft_applicationsemc networker module for microsoft applicationseq2.4

CPE	Name	Operator	Version
emc:networker_module_for_microsoft_applications	emc networker module for microsoft applications	eq	2.2.1
emc:networker_module_for_microsoft_applications	emc networker module for microsoft applications	eq	2.3
emc:networker_module_for_microsoft_applications	emc networker module for microsoft applications	eq	2.4