Vulnerabilities > CVE-2012-2284 - Credentials Management vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

emc

CWE-255

nessus

NVD

Published: 2012-10-18

Updated: 2024-11-21

Summary

The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Networker Module FOR Microsoft Applications 2.2.1 EMC Networker Module FOR Microsoft Applications 2.3 EMC Networker Module FOR Microsoft Applications 2.4	3
Application	Microsoft Microsoft Exchange Server *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Nessus

NASL family	Windows
NASL id	EMC_NETWORKER_MODULE_2_4_375.NASL
description	The version of EMC NetWorker (formerly Legato NetWorker) Module for Microsoft Applications installed on the remote host is 2.2.1, 2.3 prior to 2.3 build 122, or 2.4 prior to 2.4 build 375. As such, it reportedly is affected by multiple vulnerabilities, including arbitrary code execution and an information disclosure vulnerability that could allow an attacker the ability to obtain plaintext credentials.
last seen	2020-06-01
modified	2020-06-02
plugin id	62946
published	2012-11-16
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62946
title	EMC NetWorker Module for Microsoft Applications 2.2.1 / 2.3.x < 2.3 build 122 / 2.4.x < 2.4 build 375 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62946); script_version("1.7"); script_cvs_date("Date: 2018/11/15 20:50:26"); script_cve_id("CVE-2012-2284", "CVE-2012-2290"); script_bugtraq_id(55883); script_xref(name:"IAVA", value:"2012-A-0177"); script_name(english:"EMC NetWorker Module for Microsoft Applications 2.2.1 / 2.3.x < 2.3 build 122 / 2.4.x < 2.4 build 375 Multiple Vulnerabilities"); script_summary(english:"Checks version of EMC NetWorker Module for Microsoft Applications"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of EMC NetWorker (formerly Legato NetWorker) Module for Microsoft Applications installed on the remote host is 2.2.1, 2.3 prior to 2.3 build 122, or 2.4 prior to 2.4 build 375. As such, it reportedly is affected by multiple vulnerabilities, including arbitrary code execution and an information disclosure vulnerability that could allow an attacker the ability to obtain plaintext credentials."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2012/Oct/67"); script_set_attribute(attribute:"solution", value: "Upgrade to EMC NetWorker Module for Microsoft Applications 2.3 build 122 / 2.4 build 375 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:networker_module_for_microsoft_applications"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("emc_networker_installed.nasl"); script_require_keys("installed_sw/EMC NetWorker"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); appname = "EMC NetWorker"; modname = 'Module for Microsoft Applications'; fullname = appname+" "+modname; install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE); ver = install[modname+' Version']; path = install['path']; # Module is not installed if(empty_or_null(ver)) audit(AUDIT_NOT_INST,fullname); if ( ver =~ "^2\.2\.1\." \|\| (ver =~ "^2\.3\.0\." && ver_compare(ver:ver,fix:"2.3.0.122",strict:FALSE) < 0) \|\| (ver =~ "^2\.4\.0\." && ver_compare(ver:ver,fix:"2.4.0.375",strict:FALSE) < 0) ) { port = get_kb_item("SMB/transport"); if(isnull(port)) port = 445; if (report_verbosity > 0) { fix = '2.3.0.122 / 2.4.0.375'; report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_INST_PATH_NOT_VULN, fullname, ver, path);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References