9.3
CVE-2012-2288
- EPSS 33.12%
- Veröffentlicht 04.09.2012 11:04:48
- Zuletzt bearbeitet 16.06.2026 23:41:17
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 33.12% | 0.981 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://archives.neohapsis.com/archives/bugtraq/2012-08/0219.html
http://www.securityfocus.com/bid/55330
http://www.securitytracker.com/id?1027459