Improper Authorization in Dell EMC Networker Affects Local User Security
CVE-2021-36311

6MEDIUM

Key Information:

Vendor: Dell
Status: Networker
Vendor: CVE Published:; 23 November 2021

What is CVE-2021-36311?

Dell EMC Networker versions prior to 19.5 feature a vulnerability that allows a local user with networker user privileges to exploit improper authorization. This security flaw permits the malicious user to upload files to unauthorized locations within the system, potentially leading to execution of harmful files. Organizations utilizing affected versions should implement necessary security measures and update to the latest version to mitigate the risk.

Affected Version(s)

NetWorker < 19.5

References

https://www.dell.com/support/kbdoc/000192419

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Jul 8, 2021