Multiple vulnerabilities in Dell EMC NetWorker vProxy



| Updated: 2023-02-03
Risk High
Patch available YES
Number of vulnerabilities 25
CVE-ID CVE-2021-26388
CVE-2022-1271
CVE-2022-1586
CVE-2022-1304
CVE-2021-28153
CVE-2022-21151
CVE-2022-29155
CVE-2022-27782
CVE-2022-27781
CVE-2022-29824
CVE-2017-16932
CVE-2021-46744
CVE-2021-26378
CVE-2021-26312
CVE-2021-26376
CVE-2021-26375
CVE-2021-26373
CVE-2021-26372
CVE-2021-26364
CVE-2021-26350
CVE-2021-26349
CVE-2021-26348
CVE-2021-26347
CVE-2021-26342
CVE-2021-26339
CWE-ID CWE-125
CWE-20
CWE-787
CWE-61
CWE-200
CWE-89
CWE-303
CWE-835
CWE-190
CWE-400
CWE-310
CWE-119
CWE-367
CWE-254
CWE-399
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Dell EMC NetWorker vProxy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Dell

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU63687

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26388

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in the BIOS directory that allows for searches to read beyond the directory table copy in RAM. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU62002

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1271

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU63945

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1586

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU64075

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1304

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) UNIX symbolic link following

EUVDB-ID: #VU51454

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28153

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue, when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU63348

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21151

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error during processor optimization removal or modification of security-critical code. A local privileged user can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) SQL injection

EUVDB-ID: #VU63343

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29155

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the experimental back-sql backend to slapd during an LDAP search operation when the search filter is processed. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Infinite loop

EUVDB-ID: #VU63008

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27781

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU62741

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29824

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource exhaustion

EUVDB-ID: #VU9542

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16932

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in parser.c function due to improper handling of certain parameter entities. A remote attacker can supply specially constructed XML data, trigger resource exhaustion and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Cryptographic issues

EUVDB-ID: #VU63692

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46744

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a ciphertext side channel attack where data in specific cryptographic algorithms can be inferred in a SEV guest by monitoring the ciphertext values over time. A local user with access to the hypervisor can gain access to sensitive information, related to the guest OS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU63682

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26378

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU63690

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26312

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error caused by failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force an IO device to write to memory it should not be able to access and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU63680

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26376

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in System Management Unit (SMU) FeatureConfig. A local user can re-enable certain features, which can lead to denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU63681

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26375

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU63678

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26373

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger a system voltage malfunction and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU63683

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26372

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU63689

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26364

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in an SMU mailbox register. A local user can force SMU to read outside of the SRAM address range and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU63691

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26350

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can obtain and manipulate the address of a message port register and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security features bypass

EUVDB-ID: #VU63688

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26349

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the guest OS.

The vulnerability exists due to failure to assign a new report ID to an imported guest. This can result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU63685

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26348

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force the IO device into writing data to memory it should not be able to access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU63679

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26347

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can force the DMA (Direct Memory Access) to reference an invalid DRAM address and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU63686

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26342

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the CPU may fail to flush the Translation Lookaside Buffer (TLB) in SEV guest VMs. A local user can execute a particular sequence of operations that includes creation of a new virtual machine control block (VMCB) and disclose the SEV guest memory contents.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU63684

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26339

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the AMD CPU’s core logic when using specific code from an unprivileged VM. A remote user with low-privileged access to guest OS can send a specific x86 instruction sequence that triggers CPU core hang.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC NetWorker vProxy: 4.3.0 - 4.3.0-31

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000203317/dsa-2022-252-dell-emc-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###