Details of VAR-202106-0710

ID

VAR-202106-0710

CVE

CVE-2021-21558

TITLE

Dell EMC NetWorker Vulnerability related to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2021-007915

DESCRIPTION

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. The software provides backup and recovery, deduplication, backup reporting, and more

Trust: 1.8

sources: NVD: CVE-2021-21558 // JVNDB: JVNDB-2021-007915 // VULHUB: VHN-379962 // VULMON: CVE-2021-21558

AFFECTED PRODUCTS

vendor:	dell	model:	emc networker	scope:	gte	version:	18.1.0.1	Trust: 1.0
vendor:	dell	model:	emc networker	scope:	lt	version:	19.4.0.2	Trust: 1.0
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.1.x	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.3.x	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.4	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	18.x	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.4.0.1	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.2.x	Trust: 0.8

sources: JVNDB: JVNDB-2021-007915 // NVD: CVE-2021-21558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21558
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21558
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-21558
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202105-1128
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379962
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-21558
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-21558
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379962
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21558
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21558
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21558
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379962 // VULMON: CVE-2021-21558 // JVNDB: JVNDB-2021-007915 // CNNVD: CNNVD-202105-1128 // NVD: CVE-2021-21558 // NVD: CVE-2021-21558

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.1
problemtype:	Information leakage from log files (CWE-532) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379962 // JVNDB: JVNDB-2021-007915 // NVD: CVE-2021-21558

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1128

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202105-1128

PATCH

title:	DSA-2021-104	url:	https://www.dell.com/support/kbdoc/ja-jp/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	Dell EMC NetWorker Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153318	Trust: 0.6
title:	CVE-2021-21558	url:	https://github.com/PwnCast/CVE-2021-21558	Trust: 0.1
title:	research	url:	https://github.com/afinepl/research	Trust: 0.1

sources: VULMON: CVE-2021-21558 // JVNDB: JVNDB-2021-007915 // CNNVD: CNNVD-202105-1128

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21558	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007915	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1128	Trust: 0.6
db:	VULHUB	id:	VHN-379962	Trust: 0.1
db:	VULMON	id:	CVE-2021-21558	Trust: 0.1

sources: VULHUB: VHN-379962 // VULMON: CVE-2021-21558 // JVNDB: JVNDB-2021-007915 // CNNVD: CNNVD-202105-1128 // NVD: CVE-2021-21558

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21558	Trust: 0.8
url:	https://vigilance.fr/vulnerability/dell-emc-networker-two-vulnerabilities-35417	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/532.html	Trust: 0.1
url:	https://github.com/pwncast/cve-2021-21558	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-379962 // VULMON: CVE-2021-21558 // JVNDB: JVNDB-2021-007915 // CNNVD: CNNVD-202105-1128 // NVD: CVE-2021-21558

SOURCES

db:	VULHUB	id:	VHN-379962
db:	VULMON	id:	CVE-2021-21558
db:	JVNDB	id:	JVNDB-2021-007915
db:	CNNVD	id:	CNNVD-202105-1128
db:	NVD	id:	CVE-2021-21558

LAST UPDATE DATE

2024-08-14T15:11:55.322000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379962	date:	2021-06-16T00:00:00
db:	VULMON	id:	CVE-2021-21558	date:	2021-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-007915	date:	2022-02-25T09:06:00
db:	CNNVD	id:	CNNVD-202105-1128	date:	2021-06-17T00:00:00
db:	NVD	id:	CVE-2021-21558	date:	2021-06-16T00:29:34.877

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379962	date:	2021-06-08T00:00:00
db:	VULMON	id:	CVE-2021-21558	date:	2021-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-007915	date:	2022-02-25T00:00:00
db:	CNNVD	id:	CNNVD-202105-1128	date:	2021-05-17T00:00:00
db:	NVD	id:	CVE-2021-21558	date:	2021-06-08T18:15:08.097