Vulnerabilities > CVE-2012-2284 - Credentials Management vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
emc
microsoft
CWE-255
nessus

Summary

The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idEMC_NETWORKER_MODULE_2_4_375.NASL
descriptionThe version of EMC NetWorker (formerly Legato NetWorker) Module for Microsoft Applications installed on the remote host is 2.2.1, 2.3 prior to 2.3 build 122, or 2.4 prior to 2.4 build 375. As such, it reportedly is affected by multiple vulnerabilities, including arbitrary code execution and an information disclosure vulnerability that could allow an attacker the ability to obtain plaintext credentials.
last seen2020-06-01
modified2020-06-02
plugin id62946
published2012-11-16
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/62946
titleEMC NetWorker Module for Microsoft Applications 2.2.1 / 2.3.x < 2.3 build 122 / 2.4.x < 2.4 build 375 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62946);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id("CVE-2012-2284", "CVE-2012-2290");
  script_bugtraq_id(55883);
  script_xref(name:"IAVA", value:"2012-A-0177");

  script_name(english:"EMC NetWorker Module for Microsoft Applications 2.2.1 / 2.3.x < 2.3 build 122 / 2.4.x < 2.4 build 375 Multiple Vulnerabilities");
  script_summary(english:"Checks version of EMC NetWorker Module for Microsoft Applications");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of EMC NetWorker (formerly Legato NetWorker) Module for
Microsoft Applications installed on the remote host is 2.2.1, 2.3
prior to 2.3 build 122, or 2.4 prior to 2.4 build 375. As such, it
reportedly is affected by multiple vulnerabilities, including
arbitrary code execution and an information disclosure vulnerability
that could allow an attacker the ability to obtain plaintext
credentials.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2012/Oct/67");
  script_set_attribute(attribute:"solution", value:
"Upgrade to EMC NetWorker Module for Microsoft Applications 2.3 build
122 / 2.4 build 375 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:networker_module_for_microsoft_applications");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("emc_networker_installed.nasl");
  script_require_keys("installed_sw/EMC NetWorker");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

appname  = "EMC NetWorker";
modname  = 'Module for Microsoft Applications';
fullname = appname+" "+modname;
install  = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);
ver      = install[modname+' Version'];
path     = install['path'];

# Module is not installed
if(empty_or_null(ver)) audit(AUDIT_NOT_INST,fullname);

if (
   ver =~ "^2\.2\.1\." ||
  (ver =~ "^2\.3\.0\." && ver_compare(ver:ver,fix:"2.3.0.122",strict:FALSE) < 0) ||
  (ver =~ "^2\.4\.0\." && ver_compare(ver:ver,fix:"2.4.0.375",strict:FALSE) < 0)
)
{
  port = get_kb_item("SMB/transport");
  if(isnull(port)) port = 445;

  if (report_verbosity > 0)
  {
    fix = '2.3.0.122 / 2.4.0.375';
    report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + ver +
        '\n  Fixed version     : ' + fix +
        '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, fullname, ver, path);