Details of VAR-202108-0518

ID

VAR-202108-0518

CVE

CVE-2021-21600

TITLE

Dell EMC NetWorker Vulnerability regarding lack of resource release after valid lifetime in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010201

DESCRIPTION

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path

Trust: 1.8

sources: NVD: CVE-2021-21600 // JVNDB: JVNDB-2021-010201 // VULHUB: VHN-380004 // VULMON: CVE-2021-21600

AFFECTED PRODUCTS

vendor:	dell	model:	emc networker	scope:	lte	version:	19.4.0.0	Trust: 1.0
vendor:	dell	model:	emc networker	scope:	gte	version:	18.1.0.1	Trust: 1.0
vendor:	dell emc 旧 emc	model:	networker	scope:	lte	version:	19.4 and earlier	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010201 // NVD: CVE-2021-21600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21600
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21600
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21600
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-1588
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380004
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21600
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21600
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380004
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21600
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-010201
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380004 // VULMON: CVE-2021-21600 // JVNDB: JVNDB-2021-010201 // CNNVD: CNNVD-202107-1588 // NVD: CVE-2021-21600 // NVD: CVE-2021-21600

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.1
problemtype:	Lack of resource release after valid lifetime (CWE-772) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380004 // JVNDB: JVNDB-2021-010201 // NVD: CVE-2021-21600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1588

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-1588

PATCH

title:	DSA-2021-125	url:	https://www.dell.com/support/kbdoc/ja-jp/000189694/dsa-2021-125-dell-emc-networker-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	Dell NetWorker Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159453	Trust: 0.6

sources: JVNDB: JVNDB-2021-010201 // CNNVD: CNNVD-202107-1588

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21600	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010201	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1588	Trust: 0.6
db:	VULHUB	id:	VHN-380004	Trust: 0.1
db:	VULMON	id:	CVE-2021-21600	Trust: 0.1

sources: VULHUB: VHN-380004 // VULMON: CVE-2021-21600 // JVNDB: JVNDB-2021-010201 // CNNVD: CNNVD-202107-1588 // NVD: CVE-2021-21600

REFERENCES

url:	https://www.dell.com/support/kbdoc/000189694	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21600	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-networker-denial-of-service-via-api-service-35958	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/772.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380004 // VULMON: CVE-2021-21600 // JVNDB: JVNDB-2021-010201 // CNNVD: CNNVD-202107-1588 // NVD: CVE-2021-21600

SOURCES

db:	VULHUB	id:	VHN-380004
db:	VULMON	id:	CVE-2021-21600
db:	JVNDB	id:	JVNDB-2021-010201
db:	CNNVD	id:	CNNVD-202107-1588
db:	NVD	id:	CVE-2021-21600

LAST UPDATE DATE

2024-08-14T14:55:53.933000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380004	date:	2021-08-18T00:00:00
db:	VULMON	id:	CVE-2021-21600	date:	2021-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-010201	date:	2022-06-24T02:36:00
db:	CNNVD	id:	CNNVD-202107-1588	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-21600	date:	2021-08-18T12:53:43.177

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380004	date:	2021-08-10T00:00:00
db:	VULMON	id:	CVE-2021-21600	date:	2021-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-010201	date:	2022-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202107-1588	date:	2021-07-21T00:00:00
db:	NVD	id:	CVE-2021-21600	date:	2021-08-10T19:15:07.483