CVE-2022-29082

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

CVSS v3 4.6 MEDIUM
CVSS v2.0 4.9 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/000198987	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:emc_networker::::::::
	cpe:2.3:a:dell:emc_networker::::::::
	cpe:2.3:a:dell:emc_networker:19.6.1:::::::*

History

08 Jun 2022, 15:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.9 v3 : 4.6
CWE		CWE-295
References	~~(MISC) https://www.dell.com/support/kbdoc/000198987 -~~	(MISC) https://www.dell.com/support/kbdoc/000198987 - Vendor Advisory
CPE		cpe:2.3:a:dell:emc_networker:::::::: cpe:2.3:a:dell:emc_networker:19.6.1:::::::*

26 May 2022, 17:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-26 16:15

Updated : 2024-02-04 22:29

NVD link : CVE-2022-29082

Mitre link : CVE-2022-29082

CVE.ORG link : CVE-2022-29082

JSON object : View

Products Affected

dell

emc_networker

CWE

CWE-295

Improper Certificate Validation

CWE-297

Improper Validation of Certificate with Host Mismatch

{"id": "CVE-2022-29082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.2}]}, "published": "2022-05-26T16:15:08.313", "references": [{"url": "https://www.dell.com/support/kbdoc/000198987", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-297"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates."}, {"lang": "es", "value": "Dell EMC NetWorker versiones 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 y 19.6.0.1 y 19. 6.0.2, contienen una vulnerabilidad de comprobaci\u00f3n inapropiada de certificado con desajuste de host en el puerto 5671 de Rabbitmq que podr\u00eda permitir a atacantes remotos falsificar certificados"}], "lastModified": "2022-06-08T15:25:47.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50809EA5-5FD4-4EA9-8B16-5B989C3148C3", "versionEndExcluding": "19.5.0.7", "versionStartIncluding": "19.1.1.0"}, {"criteria": "cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F023FC70-23F2-41DA-8C65-08E158202A68", "versionEndExcluding": "19.6.0.3", "versionStartIncluding": "19.6.0"}, {"criteria": "cpe:2.3:a:dell:emc_networker:19.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABFB4AAA-A491-4B6E-91F2-79AA0D44EB1F"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}