What is CVE-2012-2288?

CVE-2012-2288 is a vulnerability in Emc Networker, classified under Use of Externally-Controlled Format String. Published 2012-09-04.

Is CVE-2012-2288 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Emc Networker

CVE-2012-2288

Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.

EPSS: 0.699 (98.7th percentile) — read the EPSS interpretation.

Affected products

Emc Networker — versions 7.6.3, 7.6.4, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

Public proof-of-concept exploits

rapid7/metasploit-framework

References

55330 (vdb-entry, x_refsource_BID)
20120830 ESA-2012-038: EMC NetWorker Format String Vulnerability (mailing-list, x_refsource_BUGTRAQ)
1027459 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2012-2288?: CVE-2012-2288 is a vulnerability in Emc Networker, classified under Use of Externally-Controlled Format String. Published 2012-09-04.
Is CVE-2012-2288 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.