DSA-2021-193: Dell EMC NetWorker and Dell EMC NetWorker vProxy Security Update for Multiple Vulnerabilities
Resumen: Dell EMC NetWorker and Dell EMC NetWorker vProxy remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Medium
Detalles
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
Corrección y productos afectados
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
Historial de revisiones
|
Revision |
Date |
Description |
|
1.0 |
2021-10-11 |
Initial Release |
| 2.0 | 2021-11-08 | Added Version 19.4.0.5 |
Reconocimientos
Dell Technologies would like to thank Cesar Neira from Base4 Security for reporting CVE-2021-36311.
Información relacionada
Descargo de responsabilidad
Productos afectados
NetWorker Family, NetWorker, Product Security InformationPropiedades del artículo
Número del artículo: 000192419
Tipo de artículo: Dell Security Advisory
Última modificación: 08 nov 2021
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.