4.8 CVE-2025-36582

Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
https://nvd.nist.gov/vuln/detail/CVE-2025-36582

Categories

CWE-757 : Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the product by exploiting weaker algorithm. The victim might not be aware that the less secure algorithm is being used. For example, if an attacker can force a communications channel to use cleartext instead of strongly-encrypted data, then the attacker could read the channel by sniffing, instead of going through extra effort of trying to decrypt the data using brute force techniques.

References

security_alert@emc.com

https://www.dell.com/support/kbdoc/en-us/000338757/dsa-2025-268-security-upda... Vendor Advisory

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:dell:networker::::::::		< 19.13

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
220	Client-Server Protocol Manipulation An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions.	Medium
606	Weakening of Cellular Encryption An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).	High
620	Drop Encryption Level An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data.	High

MITRE

Techniques

id	description
T1600	Weaken Encryption
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee