Zapraszamy
Witryny firmy Dell
Witryny firmy Dell
Witamy w firmie Dell
Moje konto
- Szybkie i łatwe składanie zamówień
- Wyświetlanie zamówień i śledzenie stanu wysyłki
- Tworzenie i dostęp do listy produktów
- Na firmowej stronie administracji możesz zarządzać witrynami, produktami i danymi kontaktowymi firmy Dell EMC.
Numer artykułu: 000211267
DSA-2023-060: Dell NetWorker Security Update for an nsrcapinfo Vulnerability.
Podsumowanie: Dell NetWorker remediation is available for nsrcapinfo with option -c, -s vulnerability that could be exploited by malicious users to compromise the affected system.
Treść artykułu
Skutki
Critical
Szczegóły
| Proprietary Code CVE(s) |
Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-25539 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | 9.1 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Proprietary Code CVE(s) |
Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-25539 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | 9.1 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Produkty, których dotyczy problem, i środki zaradcze
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2023-25539 | Dell NetWorker NVE |
NetWorker 19.6.1.2 Linux and prior releases NetWorker 19.7.0.3 Linux and prior releases, 19.7.1 Linux |
19.8.0.1 & Later releases 19.7.0.4 & Later releases |
https://www.dell.com/support/home/en-ca/product-support/product/networker/drivers |
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2023-25539 | Dell NetWorker NVE |
NetWorker 19.6.1.2 Linux and prior releases NetWorker 19.7.0.3 Linux and prior releases, 19.7.1 Linux |
19.8.0.1 & Later releases 19.7.0.4 & Later releases |
https://www.dell.com/support/home/en-ca/product-support/product/networker/drivers |
The impacted component is NetWorker client and the affected platforms are Linux (CentOS, OEL, SuSE, RHEL, Debian, Ubuntu, Fedora).
Podziękowania
Dell Technologies would like to thank Maciej Kosz for reporting this issue.
Historia zmian
| Revision | Date | Description |
| 1.0 | 2023-04-03 | Initial Release |
| 2.0 | 2023-05-11 | Made changes to Updated Versions |
| 3.0 | 2023-06-06 | Made changes to "Impact", "CVSS Base Score" & "CVSS Vector String" |
Powiązane informacje
Informacje prawne
Właściwości artykułu
Produkt, którego dotyczy problem
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information
Data ostatniej publikacji
06 cze 2023
Typ artykułu
Dell Security Advisory