Numéro d’article: 000188311
Medium
| Propriety Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21569 | Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | 6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2021-21570 |
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | 6.8 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| Propriety Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21569 | Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | 6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2021-21570 |
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | 6.8 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| CVE-2021-21569 | Dell EMC NetWorker | Dell EMC NetWorker 18.x, 19.1.x, 19.2.x, 19.3.x, and 19.4.x versions prior to 19.4.0.4 | 19.4.0.4 If an updated version cannot be applied, follow the workaround that is detailed in the Workarounds and Mitigations section of this DSA. |
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2021-21570 |
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| CVE-2021-21569 | Dell EMC NetWorker | Dell EMC NetWorker 18.x, 19.1.x, 19.2.x, 19.3.x, and 19.4.x versions prior to 19.4.0.4 | 19.4.0.4 If an updated version cannot be applied, follow the workaround that is detailed in the Workarounds and Mitigations section of this DSA. |
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2021-21570 |
These vulnerabilities can be partially mitigated by configuring the Dell EMC NetWorker server to use nsrauth authentication, and configuring the NetWorker nonempty servers file. Follow the recommendations in the security configuration guide for your product version. These actions limit the scope of exploitation to authorized NetWorker users already defined with “Operator” level or higher privileges.
Mitigation procedure:
Step 1:
Configure the Dell EMC NetWorker server to use nsrauth:
See Security Configuration Guide Chapter 2.
Access Control Settings:
Component access control > Component authentication > Modifying the authentication methods used by NetWorker hosts
Step 2:
Configure the NetWorker nonempty servers file:
See Security Configuration Guide Chapter 2.
Access Control Settings:
Component access control > Component authorization > Restricting remote program executions and client-tasking rights
Note: If you are unsure of your NetWorker server's hostname or IP address, it is recommended to update the servers file with local hostname or IP address.
Security Configuration Guide Links:
Dell would like to thank Quentin Kaiser for reporting these vulnerabilities.
| Revision | Date | Description |
| 1.0 | 2021-06-12 | Initial Release |
| 1.1 | 2021-09-02 | Updated 'Affected Products and Remediation' Section |
NetWorker Family, NetWorker, NetWorker Series, Product Security Information
02 sept. 2021
Dell Security Advisory