CVE-2016-0913 - OpenCVE

The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Networker Module For Microsoft Applications Replication Manager

Configuration 1 [-]

OR	cpe:2.3:a:emc:networker_module_for_microsoft_applications::::::::
	cpe:2.3:a:emc:networker_module_for_microsoft_applications:3.0:::::::*
	cpe:2.3:a:emc:networker_module_for_microsoft_applications:3.0.1:::::::*
	cpe:2.3:a:emc:replication_manager::::::::

No data.

References

Link	Providers
http://seclists.org/bugtraq/2016/Oct/6
http://www.securityfocus.com/bid/93348
http://www.securitytracker.com/id/1036940

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2016-10-05T01:00:00

Updated: 2024-08-05T22:38:41.015Z

Reserved: 2015-12-17T00:00:00

Link: CVE-2016-0913

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-10-05T01:59:05.823

Modified: 2017-07-30T01:29:01.037

Link: CVE-2016-0913

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-29T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1036940", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036940"}, {"name": "93348", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93348"}, {"name": "20161004 ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2016/Oct/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-0913", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1036940", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036940"}, {"name": "93348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93348"}, {"name": "20161004 ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2016/Oct/6"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:38:41.015Z"}, "title": "CVE Program Container", "references": [{"name": "1036940", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036940"}, {"name": "93348", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93348"}, {"name": "20161004 ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2016/Oct/6"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-0913", "datePublished": "2016-10-05T01:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:38:41.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:networker_module_for_microsoft_applications:*:*:*:*:*:*:*:*", "matchCriteriaId": "D98D85D3-42B9-4552-9DB9-6DCE1CB41958", "versionEndIncluding": "8.2.3.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:networker_module_for_microsoft_applications:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2F6B128-7AB5-490B-B104-49EC7ECEA7AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:networker_module_for_microsoft_applications:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C2D3BBD-BD95-4ECB-84BF-443C792985C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:replication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "74EA0D77-A27C-452C-AA15-0455A95BE908", "versionEndIncluding": "5.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share."}, {"lang": "es", "value": "El cliente en EMC Replication Manager (RM) en versiones anteriores a 5.5.3.0_01-PatchHotfix, EMC Network Module para Microsoft 3.x y EMC Networker Module para Microsoft 8.2.x en versiones anteriores a 8.2.3.6 permite a servidores RM remotos ejecutar comandos arbitrarios colocando una secuencia de comandos manipulada en un recurso compartido SMB."}], "id": "CVE-2016-0913", "lastModified": "2017-07-30T01:29:01.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T01:59:05.823", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/bugtraq/2016/Oct/6"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/93348"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1036940"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}