DSA-2021-193: Dell EMC NetWorker and Dell EMC NetWorker vProxy Security Update for Multiple Vulnerabilities
Сводка: Dell EMC NetWorker and Dell EMC NetWorker vProxy remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Medium
Подробные сведения
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
| Third-party Component | CVE | More information |
| Linux Kernel | CVE-2021-33909 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
Затронутые продукты и исправление
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36311 | Dell EMC NetWorker Client (running nsrrcopy script via nsrexecd) | Versions before 19.5.0 | 19.5.0.2 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| 19.4.0.5 | ||||
| CVE-2021-33909 | Dell EMC NetWorker vProxy | 4.3.0-13 and earlier | 4.3.0-14 and later which was released as part of the Dell EMC NetWorker 19.5.0.2 release and later. | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
История изменений
|
Revision |
Date |
Description |
|
1.0 |
2021-10-11 |
Initial Release |
| 2.0 | 2021-11-08 | Added Version 19.4.0.5 |
Сведения об авторе и авторских правах
Dell Technologies would like to thank Cesar Neira from Base4 Security for reporting CVE-2021-36311.
Связанная информация
Правовая оговорка
Затронутые продукты
NetWorker Family, NetWorker, Product Security InformationСвойства статьи
Номер статьи: 000192419
Тип статьи: Dell Security Advisory
Последнее изменение: 08 Nov 2021
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.