Detections
Analytics
EMC NetWorker Module for MEDITECH 3.0 Build 87 - 90 Local Information Disclosure
low Nessus Plugin ID 78823
Language:
Synopsis
The remote Windows host has an application installed that is affected by a local information disclosure vulnerability.Description
The version of EMC NetWorker (formerly Legato NetWorker) Module for MEDITECH (NMMEDI) installed on the remote host is 3.0 build 87 - 90.It is, therefore, affected by a local information disclosure vulnerability due to RecoverPoint and Plink commands storing plaintext RecoverPoint Appliance login credentials in NMMEDI log files.
Solution
Upgrade to EMC NetWorker Module for MEDITECH 3.0 build 92 / 8.2 build 479 or later.See Also
http://support.emc.com/kb/193627
https://seclists.org/bugtraq/2014/Oct/att-144/ESA-2014-087.txt
Plugin Details
Severity: Low
ID: 78823
File Name: emc_networker_MEDITECH_esa-2014-087.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 11/3/2014
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.7
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:emc:networker, cpe:/a:meditech:meditech
Required KB Items: installed_sw/EMC NetWorker
Exploit Ease: No known exploits are available
Patch Publication Date: 10/24/2014
Vulnerability Publication Date: 10/24/2014
Reference Information
CVE: CVE-2014-4620
BID: 70726