Omitir para ir al contenido principal
Cerrar

Bienvenido a Dell

Mi cuenta
  • Hacer pedidos rápida y fácilmente
  • Ver pedidos y realizar seguimiento al estado del envío
  • Cree y acceda a una lista de sus productos
  • Administre sus sitios, productos y contactos de nivel de producto de Dell EMC con Administración de la empresa.
Iniciar sesión Crear una cuenta Clientes Premier Iniciar sesión en el programa para partners

Número del artículo: 000192419

DSA-2021-193: Dell EMC NetWorker and Dell EMC NetWorker vProxy Security Update for Multiple Vulnerabilities

Resumen: Dell EMC NetWorker and Dell EMC NetWorker vProxy remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.

Contenido del artículo

Impacto

Medium

Detalles

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-36311 Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
 
Third-party Component CVE More information
Linux Kernel CVE-2021-33909 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-36311 Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
 
Third-party Component CVE More information
Linux Kernel CVE-2021-33909 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Productos y soluciones comprometidos

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-36311 Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) Versions before 19.5.0 19.5.0.2 https://www.dell.com/support/home/en-in/product-support/product/networker/drivers 
19.4.0.5
CVE-2021-33909 Dell EMC NetWorker vProxy  4.3.0-13 and earlier   4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later.  https://www.dell.com/support/home/en-in/product-support/product/networker/drivers 
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-36311 Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) Versions before 19.5.0 19.5.0.2 https://www.dell.com/support/home/en-in/product-support/product/networker/drivers 
19.4.0.5
CVE-2021-33909 Dell EMC NetWorker vProxy  4.3.0-13 and earlier   4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later.  https://www.dell.com/support/home/en-in/product-support/product/networker/drivers 

Reconocimientos

Dell Technologies would like to thank Cesar Neira from Base4 Security for reporting CVE-2021-36311.

Historial de revisiones

Revision

Date

Description

1.0

2021-10-11

Initial Release

2.02021-11-08Added Version 19.4.0.5

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Información legal

Propiedades del artículo

Producto comprometido

NetWorker Family, NetWorker, Product Security Information

Fecha de la última publicación

08 nov. 2021

Versión

2

Tipo de artículo

Dell Security Advisory

Volver al principio