Lucene search

DellCVELIST:CVE-2022-34368

HistoryAug 30, 2022 - 8:25 p.m.

CVE-2022-34368

2022-08-3020:25:15

CWE-280

dell

www.cve.org

dell emc networker

insufficient permissions

authenticated vulnerability

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

28.4%

JSON

Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.

CNA Affected

[
  {
    "product": "NetWorker Management Console",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "19.6.1.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000201652/dsa-2022-194-dell-emc-networker-security-update-for-insufficient-privileges-vulnerability

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

28.4%

JSON

Related for CVELIST:CVE-2022-34368