Unauthenticated Remote Code Execution Vulnerability in EMC NetWorker
CVE-2023-24576

9.8CRITICAL

Key Information:

Vendor: Dell
Status: NetWorker, NVE
Vendor: CVE Published:; 3 February 2023

Summary

EMC NetWorker is potentially exposed to a vulnerability that allows for unauthenticated remote code execution via the NetWorker Client execution service (nsrexecd). This issue enables an attacker to execute arbitrary code on the affected system without requiring authentication, posing a significant threat to the security of the network and data integrity.

Affected Version(s)

NetWorker, NVE 0 <= 19.7.0.2, 19.8 and earlier versions

References

https://www.dell.com/support/kbdoc/en-us/000208258/dsa-20...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jan 26, 2023