Details of VAR-202109-0302

ID

VAR-202109-0302

CVE

CVE-2021-21569

TITLE

Dell NetWorker Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012493

DESCRIPTION

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. Dell NetWorker is an application of Dell (Dell). Provides Dell's forum discussion function

Trust: 1.8

sources: NVD: CVE-2021-21569 // JVNDB: JVNDB-2021-012493 // VULHUB: VHN-379973 // VULMON: CVE-2021-21569

AFFECTED PRODUCTS

vendor:	dell	model:	emc networker	scope:	lt	version:	19.4.0.4	Trust: 1.0
vendor:	dell	model:	emc networker	scope:	gte	version:	18.1.0.1	Trust: 1.0
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012493 // NVD: CVE-2021-21569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21569
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21569
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21569
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-1226
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379973
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21569
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21569
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379973
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21569
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21569
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21569
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379973 // VULMON: CVE-2021-21569 // JVNDB: JVNDB-2021-012493 // CNNVD: CNNVD-202106-1226 // NVD: CVE-2021-21569 // NVD: CVE-2021-21569

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-78	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379973 // JVNDB: JVNDB-2021-012493 // NVD: CVE-2021-21569

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1226

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202106-1226

PATCH

title:	DSA-2021-124	url:	https://www.dell.com/support/kbdoc/ja-jp/000188311/dsa-2021-124-dell-networker-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	Dell NetWorker Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154041	Trust: 0.6
title:	CVE-2021-21569	url:	https://github.com/AlAIAL90/CVE-2021-21569	Trust: 0.1

sources: VULMON: CVE-2021-21569 // JVNDB: JVNDB-2021-012493 // CNNVD: CNNVD-202106-1226

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21569	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-012493	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-1226	Trust: 0.7
db:	VULHUB	id:	VHN-379973	Trust: 0.1
db:	VULMON	id:	CVE-2021-21569	Trust: 0.1

sources: VULHUB: VHN-379973 // VULMON: CVE-2021-21569 // JVNDB: JVNDB-2021-012493 // CNNVD: CNNVD-202106-1226 // NVD: CVE-2021-21569

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000188311/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21569	Trust: 0.8
url:	https://vigilance.fr/vulnerability/dell-networker-two-vulnerabilities-35689	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2021-21569	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-379973 // VULMON: CVE-2021-21569 // JVNDB: JVNDB-2021-012493 // CNNVD: CNNVD-202106-1226 // NVD: CVE-2021-21569

SOURCES

db:	VULHUB	id:	VHN-379973
db:	VULMON	id:	CVE-2021-21569
db:	JVNDB	id:	JVNDB-2021-012493
db:	CNNVD	id:	CNNVD-202106-1226
db:	NVD	id:	CVE-2021-21569

LAST UPDATE DATE

2024-08-14T15:33:04.349000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379973	date:	2021-10-01T00:00:00
db:	VULMON	id:	CVE-2021-21569	date:	2021-10-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-012493	date:	2022-09-01T04:39:00
db:	CNNVD	id:	CNNVD-202106-1226	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-21569	date:	2021-10-01T14:20:19.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379973	date:	2021-09-28T00:00:00
db:	VULMON	id:	CVE-2021-21569	date:	2021-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-012493	date:	2022-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202106-1226	date:	2021-06-14T00:00:00
db:	NVD	id:	CVE-2021-21569	date:	2021-09-28T20:15:07.457