CVE-2011-0647

EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

El servicio irccd.exe en EMC Replication Manager Client anterior de v5.3 y NetWorker Module para Microsoft Applications v2.1.x y v2.2.x permite a atacantes remotos ejecutar comandos de su elección a través de la función RunProgram al puerto TCP 6542.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability.
The Replication Manager client installs a service binds the irccd.exe process to TCP port 6542. This service accepts commands using an XML-based protocol. It exposes a vulnerability through it's RunProgram functionality. By abusing this function an attacker can execute arbitrary code under the context of currently logged in user.

*Credits: Anonymous

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-01-25 CVE Reserved
2011-02-07 CVE Published
2011-02-27 First Exploit
2024-07-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (9)

URL	Tag	Source
http://osvdb.org/70853	Vdb Entry
http://www.securityfocus.com/archive/1/516260	Mailing List
http://www.securityfocus.com/archive/1/516282/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/46235	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-11-061	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/65205	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/41704	2011-02-27

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/43164	2018-10-09
http://www.vupen.com/english/advisories/2011/0304	2018-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Emc Search vendor "Emc"		Replication Manager Search vendor "Emc" for product "Replication Manager"				<= 5.2.3 Search vendor "Emc" for product "Replication Manager" and version " <= 5.2.3"		client		Affected
Emc Search vendor "Emc"		Replication Manager Search vendor "Emc" for product "Replication Manager"				2.0 Search vendor "Emc" for product "Replication Manager" and version "2.0"		client		Affected
Emc Search vendor "Emc"		Replication Manager Search vendor "Emc" for product "Replication Manager"				5.2 Search vendor "Emc" for product "Replication Manager" and version "5.2"		client		Affected
Emc Search vendor "Emc"		Replication Manager Search vendor "Emc" for product "Replication Manager"				5.2.2 Search vendor "Emc" for product "Replication Manager" and version "5.2.2"		client		Affected
Emc Search vendor "Emc"		Networker Module Search vendor "Emc" for product "Networker Module"				2.1 Search vendor "Emc" for product "Networker Module" and version "2.1"		microsoft_applications		Affected
Emc Search vendor "Emc"		Networker Module Search vendor "Emc" for product "Networker Module"				2.2 Search vendor "Emc" for product "Networker Module" and version "2.2"		microsoft_applications		Affected