Details of VAR-202010-0890

ID

VAR-202010-0890

CVE

CVE-2020-26183

TITLE

Dell EMC NetWorker Vulnerability in externally accessible files or directories in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012393

DESCRIPTION

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. The software provides backup and recovery, deduplication, backup reporting, and more

Trust: 1.8

sources: NVD: CVE-2020-26183 // JVNDB: JVNDB-2020-012393 // VULHUB: VHN-180236 // VULMON: CVE-2020-26183

AFFECTED PRODUCTS

vendor:	dell	model:	emc networker	scope:	lt	version:	19.3.0.2	Trust: 1.0
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	lt	version:	19.3.0.2 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-012393 // NVD: CVE-2020-26183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26183
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-26183
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-26183
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202010-735
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-180236
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-26183
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26183
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-180236
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-26183
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-26183
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2020-26183
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-180236 // VULMON: CVE-2020-26183 // JVNDB: JVNDB-2020-012393 // CNNVD: CNNVD-202010-735 // NVD: CVE-2020-26183 // NVD: CVE-2020-26183

PROBLEMTYPE DATA

problemtype:	CWE-552	Trust: 1.1
problemtype:	CWE-285	Trust: 1.0
problemtype:	Externally accessible file or directory (CWE-552) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-180236 // JVNDB: JVNDB-2020-012393 // NVD: CVE-2020-26183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-735

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202010-735

PATCH

title:	DSA-2020-229	url:	https://www.dell.com/support/security/en-us/details/546616/DSA-2020-229-Dell-EMC-NetWorker-Multiple-Security-Vulnerabilities	Trust: 0.8
title:	Dell EMC NetWorker Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131341	Trust: 0.6

sources: JVNDB: JVNDB-2020-012393 // CNNVD: CNNVD-202010-735

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26183	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012393	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-735	Trust: 0.7
db:	NSFOCUS	id:	50621	Trust: 0.6
db:	VULHUB	id:	VHN-180236	Trust: 0.1
db:	VULMON	id:	CVE-2020-26183	Trust: 0.1

sources: VULHUB: VHN-180236 // VULMON: CVE-2020-26183 // JVNDB: JVNDB-2020-012393 // CNNVD: CNNVD-202010-735 // NVD: CVE-2020-26183

REFERENCES

url:	https://www.dell.com/support/security/en-us/details/546616/dsa-2020-229-dell-emc-networker-multiple-security-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26183	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/50621	Trust: 0.6
url:	https://vigilance.fr/vulnerability/dell-emc-networker-privilege-escalation-33620	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/552.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189930	Trust: 0.1

sources: VULHUB: VHN-180236 // VULMON: CVE-2020-26183 // JVNDB: JVNDB-2020-012393 // CNNVD: CNNVD-202010-735 // NVD: CVE-2020-26183

SOURCES

db:	VULHUB	id:	VHN-180236
db:	VULMON	id:	CVE-2020-26183
db:	JVNDB	id:	JVNDB-2020-012393
db:	CNNVD	id:	CNNVD-202010-735
db:	NVD	id:	CVE-2020-26183

LAST UPDATE DATE

2024-11-23T21:58:59.855000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-180236	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-26183	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-012393	date:	2021-05-07T05:49:00
db:	CNNVD	id:	CNNVD-202010-735	date:	2020-11-18T00:00:00
db:	NVD	id:	CVE-2020-26183	date:	2024-11-21T05:19:28.440

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-180236	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-26183	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012393	date:	2021-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202010-735	date:	2020-10-16T00:00:00
db:	NVD	id:	CVE-2020-26183	date:	2020-10-16T18:15:12.880