Lucene search

DellCVELIST:CVE-2021-36349

HistoryJan 24, 2022 - 8:10 p.m.

CVE-2021-36349

2022-01-2420:10:20

CWE-918

dell

www.cve.org

dell emc

data protection

server side request forgery

vulnerability

dns client processing

port scanning

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

CNA Affected

[
  {
    "product": "Data Protection Central",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "19.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000195103

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-36349