CVE-2017-8023 : Security Advisory and Response
Learn about CVE-2017-8023, a critical remote code execution vulnerability in EMC NetWorker, allowing unauthorized commands execution with administrative privileges.
EMC Networker Remote Code Execution Vulnerability
Understanding CVE-2017-8023
This CVE involves a remote code execution vulnerability in EMC NetWorker, potentially allowing attackers to execute arbitrary commands on the host system.
What is CVE-2017-8023?
The Networker Client execution service in EMC NetWorker is susceptible to remote code execution if the oldauth authentication method is used. This flaw enables unauthorized individuals to send commands through the RPC service, executing them with the same privileges as the nsrexecd service.
The Impact of CVE-2017-8023
The vulnerability has a CVSS base score of 9.8, categorizing it as critical. It poses high risks to confidentiality, integrity, and availability, with no authentication required for exploitation.
Technical Details of CVE-2017-8023
Vulnerability Description
- The vulnerability lies in the Networker Client execution service (nsrexecd) in EMC NetWorker.
- Attackers can exploit the flaw by using the oldauth authentication method to send arbitrary commands.
Affected Systems and Versions
- Affected versions include Networker 8.2.X, 9.0.X, and custom versions less than 9.1.15 and 9.2.1.
Exploitation Mechanism
- Attackers can leverage the vulnerability to execute commands on the host system with administrative privileges.
Mitigation and Prevention
Immediate Steps to Take
- Disable the oldauth authentication method in EMC NetWorker to mitigate the vulnerability.
- Monitor network traffic for any suspicious activities.
Long-Term Security Practices
- Regularly update and patch EMC NetWorker to address security vulnerabilities.
- Implement network segmentation to limit the impact of potential attacks.
Patching and Updates
- Apply the latest security patches provided by Dell EMC to fix the vulnerability.