DSA-2021-193: Dell EMC NetWorker and Dell EMC NetWorker vProxy Security Update for Multiple Vulnerabilities
Résumé: Dell EMC NetWorker and Dell EMC NetWorker vProxy remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
Medium
Détails
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
Produits concernés et mesure corrective
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
Historique des révisions
|
Revision |
Date |
Description |
|
1.0 |
2021-10-11 |
Initial Release |
| 2.0 | 2021-11-08 | Added Version 19.4.0.5 |
Remerciements
Dell Technologies would like to thank Cesar Neira from Base4 Security for reporting CVE-2021-36311.
Informations connexes
Mention légale
Produits concernés
NetWorker Family, NetWorker, Product Security InformationPropriétés de l’article
Numéro d’article: 000192419
Type d’article: Dell Security Advisory
Dernière modification: 08 nov. 2021
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.