VAR-202010-0890
Vulnerability from variot - Updated: 2023-12-18 11:57Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. The software provides backup and recovery, deduplication, backup reporting, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0890",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc networker",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "19.3.0.2"
},
{
"model": "networker",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc \u65e7 emc",
"version": null
},
{
"model": "networker",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc \u65e7 emc",
"version": "19.3.0.2 less than"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.3.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26183"
}
]
},
"cve": "CVE-2020-26183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-26183",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-180236",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-26183",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26183",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-26183",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-180236",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-26183",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180236"
},
{
"db": "VULMON",
"id": "CVE-2020-26183"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform \u0027nsrmmdbd\u0027 operations in an unintended manner. The software provides backup and recovery, deduplication, backup reporting, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "VULHUB",
"id": "VHN-180236"
},
{
"db": "VULMON",
"id": "CVE-2020-26183"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26183",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-735",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "50621",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-180236",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-26183",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180236"
},
{
"db": "VULMON",
"id": "CVE-2020-26183"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"id": "VAR-202010-0890",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-180236"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:57:57.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-229",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/546616/dsa-2020-229-dell-emc-networker-multiple-security-vulnerabilities"
},
{
"title": "Dell EMC NetWorker Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.1
},
{
"problemtype": "Externally accessible file or directory (CWE-552) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180236"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/security/en-us/details/546616/dsa-2020-229-dell-emc-networker-multiple-security-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26183"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50621"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-emc-networker-privilege-escalation-33620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/552.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189930"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180236"
},
{
"db": "VULMON",
"id": "CVE-2020-26183"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-180236"
},
{
"db": "VULMON",
"id": "CVE-2020-26183"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-180236"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26183"
},
{
"date": "2021-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"date": "2020-10-16T18:15:12.880000",
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"date": "2020-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-180236"
},
{
"date": "2020-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26183"
},
{
"date": "2021-05-07T05:49:00",
"db": "JVNDB",
"id": "JVNDB-2020-012393"
},
{
"date": "2020-10-21T17:04:35.890000",
"db": "NVD",
"id": "CVE-2020-26183"
},
{
"date": "2020-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0EMC\u00a0NetWorker\u00a0 Vulnerability in externally accessible files or directories in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012393"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-735"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…