Details of VAR-202207-1802

ID

VAR-202207-1802

CVE

CVE-2022-34368

TITLE

DELL EMC ( Old EMC Corporation) of EMC NetWorker Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016141

DESCRIPTION

Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources. Dell EMC NetWorker is a set of unified backup and recovery software from Dell. The software provides backup and recovery, deduplication, backup reporting, and more

Trust: 1.8

sources: NVD: CVE-2022-34368 // JVNDB: JVNDB-2022-016141 // VULHUB: VHN-426684 // VULMON: CVE-2022-34368

AFFECTED PRODUCTS

vendor:	dell	model:	emc networker	scope:	lt	version:	19.6.1.2	Trust: 1.0
vendor:	dell	model:	emc networker	scope:	gte	version:	19.2.1.0	Trust: 1.0
vendor:	dell	model:	emc networker	scope:	eq	version:	19.7.0.0	Trust: 1.0
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.7.0.0	Trust: 0.8
vendor:	dell emc 旧 emc	model:	networker	scope:	eq	version:	19.2.1.0 that's all 19.6.1.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-016141 // NVD: CVE-2022-34368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34368
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-34368
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34368
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-2309
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34368
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34368
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	0.6
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34368
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016141 // CNNVD: CNNVD-202207-2309 // NVD: CVE-2022-34368 // NVD: CVE-2022-34368

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	CWE-280	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426684 // JVNDB: JVNDB-2022-016141 // NVD: CVE-2022-34368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2309

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2309

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34368	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016141	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-2309	Trust: 0.7
db:	VULHUB	id:	VHN-426684	Trust: 0.1
db:	VULMON	id:	CVE-2022-34368	Trust: 0.1

sources: VULHUB: VHN-426684 // VULMON: CVE-2022-34368 // JVNDB: JVNDB-2022-016141 // CNNVD: CNNVD-202207-2309 // NVD: CVE-2022-34368

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000201652/dsa-2022-194-dell-emc-networker-security-update-for-insufficient-privileges-vulnerability	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34368	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34368/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/dell-emc-networker-privilege-escalation-via-management-console-38892	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-426684 // VULMON: CVE-2022-34368 // JVNDB: JVNDB-2022-016141 // CNNVD: CNNVD-202207-2309 // NVD: CVE-2022-34368

SOURCES

db:	VULHUB	id:	VHN-426684
db:	VULMON	id:	CVE-2022-34368
db:	JVNDB	id:	JVNDB-2022-016141
db:	CNNVD	id:	CNNVD-202207-2309
db:	NVD	id:	CVE-2022-34368

LAST UPDATE DATE

2024-08-14T13:53:10.217000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426684	date:	2022-09-07T00:00:00
db:	VULMON	id:	CVE-2022-34368	date:	2022-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-016141	date:	2023-10-02T08:10:00
db:	CNNVD	id:	CNNVD-202207-2309	date:	2022-09-08T00:00:00
db:	NVD	id:	CVE-2022-34368	date:	2022-09-07T01:19:50.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426684	date:	2022-08-30T00:00:00
db:	VULMON	id:	CVE-2022-34368	date:	2022-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-016141	date:	2023-10-02T00:00:00
db:	CNNVD	id:	CNNVD-202207-2309	date:	2022-07-22T00:00:00
db:	NVD	id:	CVE-2022-34368	date:	2022-08-30T21:15:08.790