Headline
CVE-2023-28055: DSA-2023-294: Security update for Dell NetWorker NW Client vulnerabilities
Dell NetWorker, Version 19.7, has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command to gain complete access to the server file, further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends that customers upgrade at the earliest opportunity.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2023-28055 | Dell NetWorker, Version 19.7, has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command to gain complete access to the server file, further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends that customers upgrade at the earliest opportunity. | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.9, 19.9.0.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.8 through 19.8.0.2 | Versions 19.8.0.3 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Versions 19.7 through 19.7.0.4 | Versions 19.7.0.5 | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28055 | Dell NetWorker | Dell NetWorker NW Client | Version 19.7.1 | Versions 19.9.0.2 | https://www.dell.com/support/home/product-support/product/networker/drivers |
Revision History
| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2023-09-26 | Initial Release |
| 2.0 | 2023-09-27 | Added Point 4 Under “Additional Info” Section |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Additional Information
- Platforms: Windows & Linux (All variants and flavors are impacted)
- Impacted Components: Dell NetWorker NW Client
- Since the capability to modify server files remotely was added in 19.7, this vulnerability is not applicable to versions prior to 19.7.
- Dell recommends that you always upgrade to the latest release/version for your product.
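The following is an added example, not Dell's code: a small triage script that applies the Affected Products and Remediation ranges and the "not applicable prior to 19.7" note to a client inventory. The hostnames and inventory are constructed, and treating a later patch in the same train as remediated is an assumption.

```python
# Added example: ranges transcribed from the DSA-2023-294 table above.
# Hostnames and the inventory are constructed sample data.

def parse(version):
    """'19.8' -> (19, 8, 0, 0); padding makes 19.9 equal 19.9.0.0."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 4 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))

# (first affected, last affected, remediated) for each advisory row.
ROWS = [(parse(a), parse(b), c) for a, b, c in [
    ("19.9", "19.9.0.1", "19.9.0.2"),
    ("19.8", "19.8.0.2", "19.8.0.3"),
    ("19.7", "19.7.0.4", "19.7.0.5"),
    ("19.7.1", "19.7.1", "19.9.0.2"),
]]
FIRST_APPLICABLE = parse("19.7")  # advisory: not applicable before 19.7

def triage(version):
    """Return (status, upgrade_target_or_None) for one client version."""
    try:
        v = parse(version)
    except ValueError:
        return ("unparseable", None)
    if v < FIRST_APPLICABLE:
        return ("not-applicable", None)
    for low, high, fixed in ROWS:
        if low <= v <= high:
            return ("affected", fixed)
    # Assumption: a later patch in the same x.y.z train as a listed fix
    # carries that fix. Anything else is reported for manual review.
    for _, _, fixed in ROWS:
        f = parse(fixed)
        if v[:3] == f[:3] and v >= f:
            return ("remediated", None)
    return ("unlisted", None)

def report(inventory):
    """Map {host: version} to {host: (status, target)}, affected hosts first."""
    results = {h: triage(ver) for h, ver in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: kv[1][0] != "affected"))

if __name__ == "__main__":
    sample = {"bk-client-01": "19.8.0.1", "bk-client-02": "19.7.1",
              "bk-client-03": "19.6.1.2", "bk-client-04": "19.9.0.2",
              "bk-client-05": "19.7.1.3", "bk-client-06": "n/a"}
    for host, (status, target) in report(sample).items():
        print(f"{host:14} {status:15} {'-> ' + target if target else ''}")
```

Versions the advisory does not list (for example a 19.7.1.x patch level) come back as `unlisted` rather than being guessed either way.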
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information