CVE-2002-1117

Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seer.support.veritas.com/docs/238618.htm
http://www.osvdb.org/8230
http://marc.info/?l=bugtraq&m=103134930629683&w=2
http://marc.info/?l=bugtraq&m=103134395124579&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1036
https://exchange.xforce.ibmcloud.com/vulnerabilities/10093

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:symantec_veritas:backup_exec:*:*:*:*:*:*:*:*

Information

Published : 2002-10-03 21:00

Updated : 2017-10-09 18:30

NVD link : CVE-2002-1117

Mitre link : CVE-2002-1117

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

symantec_veritas

backup_exec

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://seer.support.veritas.com/docs/238618.htm", "name": "http://seer.support.veritas.com/docs/238618.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/8230", "name": "8230", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=103134930629683&w=2", "name": "20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=103134395124579&w=2", "name": "20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1036", "name": "oval:org.mitre.oval:def:1036", "tags": [], "refsource": "OVAL"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10093", "name": "veritas-backupexec-restrictanonymous-zero(10093)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Veritas Backup Exec 8.5 and earlier requires that the \"RestrictAnonymous\" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1117", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-10-04T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec_veritas:backup_exec:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:30Z"}