Headline
CVE-2023-25539: DSA-2023-060: Dell NetWorker Security Update for an nsrcapinfo Vulnerability.
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.
Vaikutus
High
Tiedot
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-25539
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-25539
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
CVE(s) Addressed
Product
Affected Version(s)
Updated Version(s)
Link to Update
CVE-2023-25539
Dell NetWorker
NVE
NetWorker 19.6.1.2 Linux and prior releases
NetWorker
19.7.0.3 Linux and prior releases,
19.7.1 Linux
19.8.0.1 & Later releases
19.7.0.4 & Later releases
https://www.dell.com/support/home/en-ca/product-support/product/networker/drivers
CVE(s) Addressed
Product
Affected Version(s)
Updated Version(s)
Link to Update
CVE-2023-25539
Dell NetWorker
NVE
NetWorker 19.6.1.2 Linux and prior releases
NetWorker
19.7.0.3 Linux and prior releases,
19.7.1 Linux
19.8.0.1 & Later releases
19.7.0.4 & Later releases
https://www.dell.com/support/home/en-ca/product-support/product/networker/drivers
Kiitokset
Dell Technologies would like to thank Maciej Kosz for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2023-04-03
Initial Release
2.0
2023-05-11
Made changes to Updated Versions
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Lisätietoja
The impacted component is NetWorker client and the affected platforms are Linux (CentOS, OEL, SuSE, RHEL, Debian, Ubuntu, Fedora).
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information
11 toukok. 2023