Emc Networker
CVE-2018-11050
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.
AnalysisAI
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-319. Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user. Affected products include: Dell Emc Networker. Version information: through 9.2.1.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Emc Networker
View allIn Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the '
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker C
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Rated high severity (CVSS 7.8
Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. Rated medium severity
Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. Rated medium severity (CVS
Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Per
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. Rated medium se
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Rated medium severity (CV
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. Rated medium seve
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vuln
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH
Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today