Sign-up

ID

VAR-202204-2125


CVE

CVE-2022-29082


TITLE

Dell's  emc networker  Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010527

DESCRIPTION

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. Dell's emc networker Exists in a certificate validation vulnerability.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-29082 // JVNDB: JVNDB-2022-010527 // VULHUB: VHN-420616 // VULMON: CVE-2022-29082

AFFECTED PRODUCTS

vendor:dellmodel:emc networkerscope:ltversion:19.5.0.7

Trust: 1.0

vendor:dellmodel:emc networkerscope:eqversion:19.6.1

Trust: 1.0

vendor:dellmodel:emc networkerscope:ltversion:19.6.0.3

Trust: 1.0

vendor:dellmodel:emc networkerscope:gteversion:19.1.1.0

Trust: 1.0

vendor:dellmodel:emc networkerscope:gteversion:19.6.0

Trust: 1.0

vendor:デルmodel:emc networkerscope:eqversion:19.6.0 that's all 19.6.0.3

Trust: 0.8

vendor:デルmodel:emc networkerscope:eqversion:19.1.1.0 that's all 19.5.0.7

Trust: 0.8

vendor:デルmodel:emc networkerscope: - version: -

Trust: 0.8

vendor:デルmodel:emc networkerscope:eqversion:19.6.1

Trust: 0.8

vendor:デルmodel:emc networkerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010527 // NVD: CVE-2022-29082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29082
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-29082
value: LOW

Trust: 1.0

NVD: CVE-2022-29082
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-4598
value: MEDIUM

Trust: 0.6

VULHUB: VHN-420616
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-29082
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-29082
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-420616
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-29082
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-29082
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-29082
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-420616 // VULMON: CVE-2022-29082 // JVNDB: JVNDB-2022-010527 // CNNVD: CNNVD-202204-4598 // NVD: CVE-2022-29082 // NVD: CVE-2022-29082

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-297

Trust: 1.0

problemtype:Illegal certificate verification (CWE-295) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-420616 // JVNDB: JVNDB-2022-010527 // NVD: CVE-2022-29082

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4598

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-4598

EXTERNAL IDS

db:NVDid:CVE-2022-29082

Trust: 3.4

db:JVNDBid:JVNDB-2022-010527

Trust: 0.8

db:CNNVDid:CNNVD-202204-4598

Trust: 0.6

db:VULHUBid:VHN-420616

Trust: 0.1

db:VULMONid:CVE-2022-29082

Trust: 0.1

sources: VULHUB: VHN-420616 // VULMON: CVE-2022-29082 // JVNDB: JVNDB-2022-010527 // CNNVD: CNNVD-202204-4598 // NVD: CVE-2022-29082

REFERENCES

url:https://www.dell.com/support/kbdoc/000198987

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-29082

Trust: 0.8

url:https://vigilance.fr/vulnerability/dell-emc-networker-man-in-the-middle-via-rabbitmq-port-5671-38181

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29082/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-420616 // VULMON: CVE-2022-29082 // JVNDB: JVNDB-2022-010527 // CNNVD: CNNVD-202204-4598 // NVD: CVE-2022-29082

SOURCES

db:VULHUBid:VHN-420616
db:VULMONid:CVE-2022-29082
db:JVNDBid:JVNDB-2022-010527
db:CNNVDid:CNNVD-202204-4598
db:NVDid:CVE-2022-29082

LAST UPDATE DATE

2024-11-23T22:50:49.155000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-420616date:2022-06-08T00:00:00
db:VULMONid:CVE-2022-29082date:2022-06-08T00:00:00
db:JVNDBid:JVNDB-2022-010527date:2023-08-15T08:11:00
db:CNNVDid:CNNVD-202204-4598date:2022-06-09T00:00:00
db:NVDid:CVE-2022-29082date:2024-11-21T06:58:27.150

SOURCES RELEASE DATE

db:VULHUBid:VHN-420616date:2022-05-26T00:00:00
db:VULMONid:CVE-2022-29082date:2022-05-26T00:00:00
db:JVNDBid:JVNDB-2022-010527date:2023-08-15T00:00:00
db:CNNVDid:CNNVD-202204-4598date:2022-04-29T00:00:00
db:NVDid:CVE-2022-29082date:2022-05-26T16:15:08.313