EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
Conclusion & alert: CVE-2005-0357 is rated Moderate Risk (56.6/100): CVSS High severity, with high exploitation likelihood (EPSS 4.50%, 90th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 17.71% | 4.50% | -13.22% |
| 2 | 2025-03-30 | 15.50% | 17.71% | +2.21% |
| 3 | 2025-03-29 | — | 15.50% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:* |
| emc | legato_networker | 6.0 | cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:* |
| emc | legato_networker | 6.1 | cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:* |
| emc | legato_networker | 7.2 | cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:* |
| emc | legato_networker | 7.13 | cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:* |
| sun | solstice_backup | 6.0 | cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:* |
| sun | solstice_backup | 6.1 | cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:* |
| sun | storedge_enterprise_backup_software | 7.0 | cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:* |
| sun | storedge_enterprise_backup_software | 7.1 | cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:* |
| sun | storedge_enterprise_backup_software | 7.2 | cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://secunia.com/advisories/16464 | Patch Vendor Advisory |
| http://secunia.com/advisories/16470 | Vendor Advisory |
| http://securitytracker.com/id?1014713 | Patch |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 | Patch Vendor Advisory |
| http://www.kb.cert.org/vuls/id/606857 | Patch Third Party Advisory US Government Resource |
| http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm | Patch |
| http://www.osvdb.org/18800 | |
| http://www.securityfocus.com/bid/14582 | Patch |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21887 |