Artikelnummer: 000218003
DSA-2023-294: Security update for Dell NetWorker NW Client vulnerabilities
Samenvatting: Dell NetWorker remediation is available for NetWorker NW client that could be exploited by malicious users to compromise the affected system.
Article content
Impact
High
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Getroffen producten en herstel
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.9, 19.9.0.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.8 through 19.8.0.2 |
Versions 19.8.0.3 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.7 through 19.7.0.4 | Versions 19.7.0.5 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Version 19.7.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.9, 19.9.0.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.8 through 19.8.0.2 |
Versions 19.8.0.3 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.7 through 19.7.0.4 | Versions 19.7.0.5 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Version 19.7.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
- Platforms: Windows & Linux (All variants and flavors are impacted)
- Impacted Components: Dell NetWorker NW Client
- Since the capability to modify server files remotely was added in 19.7, this vulnerability is not applicable to Versions prior to 19.7.
- Dell recommends that you always upgrade to the latest release/version for your product
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2023-09-26 | Initial Release |
| 2.0 | 2023-09-27 | Added Point 4 Under "Additional Info" Section |
Verwante informatie
Juridische informatie
Artikeleigenschappen
Getroffen product
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information
Datum laatst gepubliceerd
27 sep. 2023
Artikeltype
Dell Security Advisory