CVE-2013-0935

EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html
http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:smarts_network_configuration_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:48

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html -

Information

Published : 2013-03-28 15:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-0935

Mitre link : CVE-2013-0935

CVE.ORG link : CVE-2013-0935

JSON object : View

Products Affected

emc

smarts_network_configuration_manager

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-0935", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-28T15:55:01.783", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html", "source": "security_alert@emc.com"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0135.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "EMC Smarts Network Configuration Manager (NCM) anterior v9.2 no requiere autenticaci\u00f3n para todo los m\u00e9todos de llamada Java RMI, que permite ataques remotos ejecutando c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:smarts_network_configuration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACA2AE84-D37E-4639-8549-984979D2B004", "versionEndIncluding": "9.1"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}

9.3 /10