VAR-202010-0889
Vulnerability from variot - Updated: 2024-11-23 22:05Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. The software provides backup and recovery, deduplication, backup reporting, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0889",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc networker",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "19.3.0.2"
},
{
"model": "networker",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc \u65e7 emc",
"version": null
},
{
"model": "networker",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc \u65e7 emc",
"version": "19.3.0.2 less than"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"cve": "CVE-2020-26182",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-26182",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-180235",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-26182",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2020-26182",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-26182",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-26182",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-26182",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-26182",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-733",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-180235",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-26182",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180235"
},
{
"db": "VULMON",
"id": "CVE-2020-26182"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform \u0027saveset\u0027 related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. The software provides backup and recovery, deduplication, backup reporting, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26182"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "VULHUB",
"id": "VHN-180235"
},
{
"db": "VULMON",
"id": "CVE-2020-26182"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26182",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-733",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "50625",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-180235",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-26182",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180235"
},
{
"db": "VULMON",
"id": "CVE-2020-26182"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"id": "VAR-202010-0889",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-180235"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:05:25.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-229",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/546616/DSA-2020-229-Dell-EMC-NetWorker-Multiple-Security-Vulnerabilities"
},
{
"title": "Dell EMC NetWorker Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130551"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.1
},
{
"problemtype": "CWE-266",
"trust": 1.0
},
{
"problemtype": "Externally accessible file or directory (CWE-552) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/security/en-us/details/546616/dsa-2020-229-dell-emc-networker-multiple-security-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26182"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50625"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-emc-networker-privilege-escalation-33620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/552.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189929"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180235"
},
{
"db": "VULMON",
"id": "CVE-2020-26182"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-180235"
},
{
"db": "VULMON",
"id": "CVE-2020-26182"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
},
{
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-180235"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26182"
},
{
"date": "2021-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"date": "2020-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-733"
},
{
"date": "2020-10-16T18:15:12.787000",
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-180235"
},
{
"date": "2020-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26182"
},
{
"date": "2021-05-07T05:49:00",
"db": "JVNDB",
"id": "JVNDB-2020-012392"
},
{
"date": "2020-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-733"
},
{
"date": "2024-11-21T05:19:28.250000",
"db": "NVD",
"id": "CVE-2020-26182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0EMC\u00a0NetWorker\u00a0 Vulnerability in externally accessible files or directories in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012392"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-733"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…