CVE-2022-29082

EPSS 0.08%
Published 26.05.2022 16:15:08
Last modified 21.11.2024 06:58:27
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Emc Networker Version >= 19.1.1.0 < 19.5.0.7

Dell ≫ Emc Networker Version >= 19.6.0 < 19.6.0.3

Dell ≫ Emc Networker Version19.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
security_alert@emc.com	3.7	1.2	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

https://www.dell.com/support/kbdoc/000198987

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-29082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29082

EUVD