Security Advisory for Dell Security Updates

  • NIC-CERT/2022-04/210
  • Date: 2022-04-29
  • CVE ID: Multiples
  • Severity: High
  1. Description:

Multiple vulnerabilities have been reported in Dell EMC NetWorker which could allow an attacker to escalate privileges and gain unauthorized access on the targeted system.


  1. Security Issues Fixed:

Dell EMC NetWorker remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Only NetWorker Management Console Server and NetWorker Server components are impacted by these vulnerabilities.

Proprietary Code CVE

Description

CVE-2022-29082

Dell EMC NetWorker versions 19.1.x, 19.2.x, 19.3.x, 19.4.x, 19.5.x, 19.6, 19.6.0.1, 19.6.0.2, and 19.6.1 contain an Improper Validation of Certificate with Host Mismatch vulnerability in RabbitMQ port 5671 which may allow remote attackers to spoof certificates.

Third-Party Component

CVE

Apache HTTP

CVE-2022-22720


  1. Affected Products and Solution:

Below are the products which are affected: -

Product

Affected Versions

Updated Versions

Link to Update

Dell EMC NetWorker

19.1.x

19.6.0.3

https://www.dell.com/support/home/en-in/product-support/product/networker/drivers

19.2.x

19.3.x

19.4.x

19.5.x

19.6

19.6.0.1

19.6.0.2

19.6.1

Dell recommends all customers upgrade at the earliest opportunity.


  1. References:

https://www.dell.com/support/kbdoc/en-in/000198987/dsa-2022-103-dell-emc-networker-security-update-for-multiple-vulnerabilities