Unauthenticated Remote Code Execution Vulnerability in EMC NetWorker
CVE-2023-24576

7.5HIGH

Key Information:

Vendor: Dell
Status: Networker, Nve
Vendor: CVE Published:; 3 February 2023

What is CVE-2023-24576?

EMC NetWorker is potentially exposed to a vulnerability that allows for unauthenticated remote code execution via the NetWorker Client execution service (nsrexecd). This issue enables an attacker to execute arbitrary code on the affected system without requiring authentication, posing a significant threat to the security of the network and data integrity.

Affected Version(s)

NetWorker, NVE 0 <= 19.7.0.2, 19.8 and earlier versions

References

https://www.dell.com/support/kbdoc/en-us/000208258/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jan 26, 2023

Dell

What is CVE-2023-24576?

Affected Version(s)

References

CVSS V3.1

Timeline