Lucene search

DellCVELIST:CVE-2021-36311

HistoryNov 23, 2021 - 8:00 p.m.

CVE-2021-36311

2021-11-2320:00:36

CWE-285

dell

www.cve.org

dell

emc

networker

cve-2021-36311

improper authorization

vulnerability

upload

execute

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

CNA Affected

[
  {
    "product": "NetWorker",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "19.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000192419

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-36311