CVE-2021-36316

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.

CVSS v3 7.2 HIGH
CVSS v2.0 6.5 MEDIUM

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/kbdoc/000193369	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:emc_avamar_server:18.2:::::::*
	cpe:2.3:a:dell:emc_avamar_server:19.1:::::::*
	cpe:2.3:a:dell:emc_avamar_server:19.2:::::::*
	cpe:2.3:a:dell:emc_avamar_server:19.3:::::::*
	cpe:2.3:a:dell:emc_avamar_server:19.4:::::::*

History

05 Jan 2022, 16:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 7.2
References	~~(CONFIRM) https://www.dell.com/support/kbdoc/000193369 -~~	(CONFIRM) https://www.dell.com/support/kbdoc/000193369 - Patch, Vendor Advisory
CPE		cpe:2.3:a:dell:emc_avamar_server:19.4:::::::* cpe:2.3:a:dell:emc_avamar_server:19.3:::::::* cpe:2.3:a:dell:emc_avamar_server:19.1:::::::* cpe:2.3:a:dell:emc_avamar_server:18.2:::::::* cpe:2.3:a:dell:emc_avamar_server:19.2:::::::*
First Time		Dell Dell emc Avamar Server
CWE		CWE-269

21 Dec 2021, 17:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-21 17:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-36316

Mitre link : CVE-2021-36316

CVE.ORG link : CVE-2021-36316

JSON object : View

Products Affected

dell

emc_avamar_server

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2021-36316", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 1.2}]}, "published": "2021-12-21T17:15:07.983", "references": [{"url": "https://www.dell.com/support/kbdoc/000193369", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI."}, {"lang": "es", "value": "Dell EMC Avamar Server versiones 18.2, 19.1, 19.2, 19.3 y 19.4, contienen una vulnerabilidad de administraci\u00f3n de privilegios inapropiada en AUI. Un usuario malicioso con altos privilegios podr\u00eda explotar esta vulnerabilidad, conllevando a una divulgaci\u00f3n de la informaci\u00f3n de AUI y la realizaci\u00f3n de alguna operaci\u00f3n no autorizada en el AUI"}], "lastModified": "2022-01-05T16:19:24.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_avamar_server:18.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52BE822E-6FD6-4FC8-9DFC-A4073D31B58C"}, {"criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F"}, {"criteria": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB61C3E2-E97A-48FA-BECE-3593B77C1386"}, {"criteria": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7FEBC8A-A479-4684-A870-19E5046EA3B0"}, {"criteria": "cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC33D28B-F305-47AB-84DE-40A2DCB956AE"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}