Lucene search

DellCVELIST:CVE-2021-21559

HistoryJun 08, 2021 - 6:05 p.m.

CVE-2021-21559

2021-06-0818:05:47

CWE-295

dell

www.cve.org

dell emc

networker

ssl

vulnerability

certificate validation

man-in-the-middle

network collision domain

exploit

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server.

CNA Affected

[
  {
    "product": "NetWorker",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "19.4.0.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Related for CVELIST:CVE-2021-21559