A vulnerability has been found in EMC Replication Manager up to 5.5.3.0 and classified as very critical. Affected by this vulnerability is an unknown code of the component Client. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share.

The weakness was published 10/05/2016 by Felix Wilhelm with ERNW (Website). The advisory is shared at seclists.org. This vulnerability is known as CVE-2016-0913 since 12/17/2015. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/22/2022).

Applying the patch 5.5.3.0_01-PatchHotfix is able to eliminate this problem.

Similar entry is available at 92422.

Productinfo

Vendor

• EMC

Name

• Replication Manager

Version

• 5.5.0
• 5.5.1
• 5.5.2
• 5.5.3

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion