Article Number: 000218003
DSA-2023-294: Security update for Dell NetWorker NW Client vulnerabilities
Summary: Dell NetWorker remediation is available for NetWorker NW client that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.9, 19.9.0.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.8 through 19.8.0.2 |
Versions 19.8.0.3 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.7 through 19.7.0.4 | Versions 19.7.0.5 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Version 19.7.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.9, 19.9.0.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.8 through 19.8.0.2 |
Versions 19.8.0.3 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.7 through 19.7.0.4 | Versions 19.7.0.5 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Version 19.7.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
- Platforms: Windows & Linux (All variants and flavors are impacted)
- Impacted Components: Dell NetWorker NW Client
- Since the capability to modify server files remotely was added in 19.7, this vulnerability is not applicable to Versions prior to 19.7.
- Dell recommends that you always upgrade to the latest release/version for your product
Revision History
| Revision | Date | Description |
| 1.0 | 2023-09-26 | Initial Release |
| 2.0 | 2023-09-27 | Added Point 4 Under "Additional Info" Section |
Related Information
Legal Information
Article Properties
Affected Product
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information
Last Published Date
27 Sep 2023
Article Type
Dell Security Advisory