Lucene search

[email protected]NVD:CVE-2021-36311

HistoryNov 23, 2021 - 8:15 p.m.

CVE-2021-36311

2021-11-2320:15:10

CWE-285

[email protected]

web.nvd.nist.gov

dell emc networker

19.5

improper authorization

vulnerability

malicious file

unauthorized locations

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Affected configurations

Nvd

Node

dellemc_networkerRange<19.5.0.0

VendorProductVersionCPE
dellemc_networker*cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_networker	*	cpe:2.3:a:dell:emc_networker::::::::

References

www.dell.com/support/kbdoc/000192419

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-36311

cnvd1 cvelist1 cve1 prion1