DSA-2021-193: Dell EMC NetWorker and Dell EMC NetWorker vProxy Security Update for Multiple Vulnerabilities
요약: Dell EMC NetWorker and Dell EMC NetWorker vProxy remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Medium
세부 정보
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
영향을 받는 제품 및 문제 해결
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
개정 내역
|
Revision |
Date |
Description |
|
1.0 |
2021-10-11 |
Initial Release |
| 2.0 | 2021-11-08 | Added Version 19.4.0.5 |
감사의 말
Dell Technologies would like to thank Cesar Neira from Base4 Security for reporting CVE-2021-36311.
관련 정보
법적 고지 사항
해당 제품
NetWorker Family, NetWorker, Product Security Information문서 속성
문서 번호: 000192419
문서 유형: Dell Security Advisory
마지막 수정 시간: 08 11월 2021
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.