CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 81.7%
Insecure file permissions, network access control and DNS
usage put systems that use Legato NetWorker at risk.
When the software is running, several files that contain
sensitive information are created with insecure permissions.
The exposed information includes passwords and can therefore
be used for privilege elevation.
An empty “servers” file, which should normally
contain hostnames of authorized backup servers, may allow
unauthorized backups to be made. Sensitive information can
be extracted from these backups.
When reverse DNS fails for the Legato client IP, a weak
authorization scheme is used. This scheme contains a flaw
that may allow unauthorized access.
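
A defender-side check for the file-permission and empty “servers” file issues described above, as an added example that is not part of the original advisory or the vendor's tooling. The directory argument, the finding labels and the sample tree are assumptions; the page does not give NetWorker's file paths.

```shell
#!/bin/sh
# Added example: audit a NetWorker resource directory for the two local
# weaknesses described above. The directory is supplied by the caller
# (assumption: the page does not name the install path).

# Prints one finding per line; returns 1 if anything was found, else 0.
audit_nsr_dir() {
    dir=$1
    rc=0

    # An empty "servers" file means no backup-server allowlist is in force.
    # A missing file is reported separately: the allowlist cannot be checked.
    if [ ! -f "$dir/servers" ]; then
        echo "SERVERS_MISSING $dir/servers"; rc=1
    elif ! grep -q '[^[:space:]]' "$dir/servers"; then
        echo "SERVERS_EMPTY $dir/servers"; rc=1
    fi

    # Files readable or writable by "other" can expose stored passwords
    # to any local user.
    found=$(find "$dir" -type f \( -perm -004 -o -perm -002 \) -print | sort)
    if [ -n "$found" ]; then
        echo "$found" | sed 's/^/WORLD_ACCESSIBLE /'
        rc=1
    fi
    return $rc
}

# Constructed sample tree (not real NetWorker data).
make_demo_dir() {
    d=$(mktemp -d)
    : > "$d/servers"; chmod 600 "$d/servers"        # empty allowlist
    echo "password=constructed" > "$d/res.conf"
    chmod 644 "$d/res.conf"                         # world-readable
    echo "ok" > "$d/private"; chmod 600 "$d/private"
    echo "$d"
}

demo=$(make_demo_dir)
audit_nsr_dir "$demo" || echo "findings present in $demo"
rm -rf "$demo"
```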