Dell EMC NetWorker 19.2-19.7 Privilege Escalation: Authenticated Non-Admin Access
CVE-2022-34368 Published on August 30, 2022
Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.
Vulnerability Analysis
CVE-2022-34368 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
Products Associated with CVE-2022-34368
stack.watch emails you whenever new vulnerabilities are published in Dell Emc Networker or Dell Networker. Just hit a watch button to start following.
Affected Versions
Dell NetWorker Management Console:- Version unspecified and below 19.6.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.