Artikelnummer: 000210471

DSA-2023-058: Dell NetWorker Security Update for Version Disclosure Vulnerability

Samenvatting: Dell NetWorker remediation is available for multiple version disclosure security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article content

Impact

High

Gegevens

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25544	Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.	7.5 High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2023-24567	Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.	7.5 High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25544	Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.	7.5 High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2023-24567	Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.	7.5 High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed	Product	Affected Versions	Updated Versions	Applicable platforms	Link to Update
CVE-2023-25544	Dell NetWorker, NVE	19.5 and earlier versions	19.6 and later versions	Windows, Linux (CentOS, OEL, SuSE, Red Hat Enterprise Linux, Debian, Ubuntu, Fedora)	https://www.dell.com/support/home/en-ca/product-support/product/networker/drivers
CVE-2023-24567	Dell NetWorker, NVE	19.5 and earlier versions	19.6 and later versions

NOTE: Impacted components: NetWorker AuthC, NetWorker Server.

CVEs Addressed	Product	Affected Versions	Updated Versions	Applicable platforms	Link to Update
CVE-2023-25544	Dell NetWorker, NVE	19.5 and earlier versions	19.6 and later versions	Windows, Linux (CentOS, OEL, SuSE, Red Hat Enterprise Linux, Debian, Ubuntu, Fedora)	https://www.dell.com/support/home/en-ca/product-support/product/networker/drivers
CVE-2023-24567	Dell NetWorker, NVE	19.5 and earlier versions	19.6 and later versions

NOTE: Impacted components: NetWorker AuthC, NetWorker Server.

Revisiegeschiedenis

Revision	Date	Description
1.0	2023-03-01	Initial Release

Verwante informatie

Juridische informatie

Artikeleigenschappen

Getroffen product

NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information

Datum laatst gepubliceerd

01 mrt. 2023

Artikeltype

Dell Security Advisory

Terug naar boven

Welkom

Welkom bij Dell