ID

VAR-202106-0711


CVE

CVE-2021-21559


TITLE

Dell EMC NetWorker Vulnerability in Certificate Verification

Trust: 0.8

sources: JVNDB: JVNDB-2021-007916

DESCRIPTION

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4, and 19.4.0.1, contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components, which use an SSL-encrypted connection to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper with the traffic between the client and the application server. Dell EMC NetWorker contains a certificate validation vulnerability. Information may be tampered with. The software provides backup and recovery, deduplication, backup reporting, and more.

Trust: 1.8

sources: NVD: CVE-2021-21559 // JVNDB: JVNDB-2021-007916 // VULHUB: VHN-379963 // VULMON: CVE-2021-21559

AFFECTED PRODUCTS

vendor: dell, model: emc networker, scope: gte, version: 18.1.0.1

Trust: 1.0

vendor: dell, model: emc networker, scope: lt, version: 19.4.0.2

Trust: 1.0

vendor: dell emc (formerly emc), model: networker, scope: eq, version: 19.1.x

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: eq, version: 19.3.x

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: eq, version: 19.4

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: eq, version: -

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: eq, version: 18.x

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: eq, version: 19.4.0.1

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: eq, version: 19.2.x

Trust: 0.8

sources: JVNDB: JVNDB-2021-007916 // NVD: CVE-2021-21559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21559
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21559
value: HIGH

Trust: 1.0

NVD: CVE-2021-21559
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202105-1119
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379963
value: LOW

Trust: 0.1

VULMON: CVE-2021-21559
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-21559
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379963
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21559
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21559
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-21559
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379963 // VULMON: CVE-2021-21559 // JVNDB: JVNDB-2021-007916 // CNNVD: CNNVD-202105-1119 // NVD: CVE-2021-21559 // NVD: CVE-2021-21559

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.1

problemtype: Bad certificate verification (CWE-295) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-379963 // JVNDB: JVNDB-2021-007916 // NVD: CVE-2021-21559

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1119

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202105-1119

PATCH

title: DSA-2021-104, url: https://www.dell.com/support/kbdoc/ja-jp/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities

Trust: 0.8

title: Dell EMC NetWorker Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153317

Trust: 0.6

title: research, url: https://github.com/afinepl/research

Trust: 0.1

title: -, url: https://github.com/afine-com/research

Trust: 0.1

sources: VULMON: CVE-2021-21559 // JVNDB: JVNDB-2021-007916 // CNNVD: CNNVD-202105-1119

EXTERNAL IDS

db: NVD, id: CVE-2021-21559

Trust: 3.4

db: JVNDB, id: JVNDB-2021-007916

Trust: 0.8

db: CNNVD, id: CNNVD-202105-1119

Trust: 0.6

db: CNVD, id: CNVD-2021-54405

Trust: 0.1

db: VULHUB, id: VHN-379963

Trust: 0.1

db: VULMON, id: CVE-2021-21559

Trust: 0.1

sources: VULHUB: VHN-379963 // VULMON: CVE-2021-21559 // JVNDB: JVNDB-2021-007916 // CNNVD: CNNVD-202105-1119 // NVD: CVE-2021-21559

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21559

Trust: 0.8

url:https://vigilance.fr/vulnerability/dell-emc-networker-two-vulnerabilities-35417

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/afinepl/research

Trust: 0.1

sources: VULHUB: VHN-379963 // VULMON: CVE-2021-21559 // JVNDB: JVNDB-2021-007916 // CNNVD: CNNVD-202105-1119 // NVD: CVE-2021-21559

SOURCES

db: VULHUB, id: VHN-379963
db: VULMON, id: CVE-2021-21559
db: JVNDB, id: JVNDB-2021-007916
db: CNNVD, id: CNNVD-202105-1119
db: NVD, id: CVE-2021-21559

LAST UPDATE DATE

2024-08-14T13:54:02.847000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379963, date: 2021-06-16T00:00:00
db: VULMON, id: CVE-2021-21559, date: 2021-06-16T00:00:00
db: JVNDB, id: JVNDB-2021-007916, date: 2022-02-25T09:06:00
db: CNNVD, id: CNNVD-202105-1119, date: 2021-06-17T00:00:00
db: NVD, id: CVE-2021-21559, date: 2021-06-16T00:34:11.500

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379963, date: 2021-06-08T00:00:00
db: VULMON, id: CVE-2021-21559, date: 2021-06-08T00:00:00
db: JVNDB, id: JVNDB-2021-007916, date: 2022-02-25T00:00:00
db: CNNVD, id: CNNVD-202105-1119, date: 2021-05-17T00:00:00
db: NVD, id: CVE-2021-21559, date: 2021-06-08T18:15:08.197