Improper Certificate Validation in Dell EMC NetWorker Affecting Multiple Versions
CVE-2022-29082

3.7 LOW

Key Information:

Vendor
Dell
Status
Vendor
CVE Published:
26 May 2022

Summary

The Dell EMC NetWorker versions listed below improperly validate certificates with a host mismatch on the RabbitMQ port 5671. A remote attacker can exploit this weakness to carry out spoofing attacks by presenting a fraudulent certificate, potentially leading to unauthorized access or data manipulation. Organizations running affected versions should assess their systems' security posture and apply the recommended patches to mitigate this vulnerability.

Affected Version(s)

NetWorker < 19.6.0.3

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
