CVE-2022-29082 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-29082

Analyzed

More Info Official Page

Source-security_alert@emc.com

Published At-26 May, 2022 | 16:15

Updated At-08 Jun, 2022 | 15:25

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.6	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Secondary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Primary	2.0	4.9	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:N

Type: Primary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:S/C:P/I:P/A:N

CPE Matches

>>emc_networker>>Versions from 19.1.1.0(inclusive) to 19.5.0.7(exclusive)

cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*

>>emc_networker>>Versions from 19.6.0(inclusive) to 19.6.0.3(exclusive)

cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*

>>emc_networker>>19.6.1

cpe:2.3:a:dell:emc_networker:19.6.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Primary	nvd@nist.gov
CWE-297	Secondary	security_alert@emc.com

CWE ID: CWE-295

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-297

Type: Secondary

Source: security_alert@emc.com

References

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/000198987	security_alert@emc.com	Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/000198987

Source: security_alert@emc.com

Resource:

Vendor Advisory