Details of VAR-202111-1456

ID

VAR-202111-1456

CVE

CVE-2021-36311

TITLE

Dell EMC Networker Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015445

DESCRIPTION

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. Dell EMC Networker Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36311 // JVNDB: JVNDB-2021-015445 // VULHUB: VHN-398195

AFFECTED PRODUCTS

vendor:	dell	model:	emc networker	scope:	lt	version:	19.5.0.0	Trust: 1.0
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.5	Trust: 0.8

sources: JVNDB: JVNDB-2021-015445 // NVD: CVE-2021-36311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36311
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2021-36311
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36311
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-786
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398195
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36311
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398195
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36311
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-36311
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.5
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36311
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398195 // JVNDB: JVNDB-2021-015445 // CNNVD: CNNVD-202110-786 // NVD: CVE-2021-36311 // NVD: CVE-2021-36311

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015445 // NVD: CVE-2021-36311

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-786

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-786

PATCH

title:	DSA-2021-193	url:	https://www.dell.com/support/kbdoc/ja-jp/000192419/dsa-2021-193-dell-emc-networker-and-networker-vproxy-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL EMC NetWorker Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171444	Trust: 0.6

sources: JVNDB: JVNDB-2021-015445 // CNNVD: CNNVD-202110-786

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36311	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015445	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-786	Trust: 0.6
db:	VULHUB	id:	VHN-398195	Trust: 0.1

sources: VULHUB: VHN-398195 // JVNDB: JVNDB-2021-015445 // CNNVD: CNNVD-202110-786 // NVD: CVE-2021-36311

REFERENCES

url:	https://www.dell.com/support/kbdoc/000192419	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36311	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-networker-client-file-upload-via-nsrexecd-nsrrcopy-36630	Trust: 0.6

sources: VULHUB: VHN-398195 // JVNDB: JVNDB-2021-015445 // CNNVD: CNNVD-202110-786 // NVD: CVE-2021-36311

SOURCES

db:	VULHUB	id:	VHN-398195
db:	JVNDB	id:	JVNDB-2021-015445
db:	CNNVD	id:	CNNVD-202110-786
db:	NVD	id:	CVE-2021-36311

LAST UPDATE DATE

2024-08-14T13:53:46.156000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398195	date:	2022-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-015445	date:	2022-11-21T06:58:00
db:	CNNVD	id:	CNNVD-202110-786	date:	2022-04-26T00:00:00
db:	NVD	id:	CVE-2021-36311	date:	2022-04-25T18:08:27.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398195	date:	2021-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-015445	date:	2022-11-21T00:00:00
db:	CNNVD	id:	CNNVD-202110-786	date:	2021-10-12T00:00:00
db:	NVD	id:	CVE-2021-36311	date:	2021-11-23T20:15:10.983