CVE-2022-29082

EPSS 0.08%
Veröffentlicht 26.05.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:58:27
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Networker Version >= 19.1.1.0 < 19.5.0.7

Dell ≫ Emc Networker Version >= 19.6.0 < 19.6.0.3

Dell ≫ Emc Networker Version19.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
security_alert@emc.com	3.7	1.2	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

https://www.dell.com/support/kbdoc/000198987

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-29082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29082

EUVD