Improper Authorization Vulnerability in Dell NetWorker Client by Dell
CVE-2023-28055

8.8HIGH

Key Information:

Vendor: Dell
Status: Networker
Vendor: CVE Published:; 27 September 2023

Summary

Dell NetWorker contains an improper authorization vulnerability within its client. An unauthenticated attacker on the same network could exploit this weakness by manipulating commands, which may grant them complete access to server files. This could lead to information leaks, a denial of service, and the potential for arbitrary code execution on the affected system. Dell urges customers to upgrade to a secure version promptly to mitigate these risks.

Affected Version(s)

NetWorker Versions 19.9 through 19.9.0.1

NetWorker Versions 19.8, through 19.8.0.2

NetWorker Versions 19.7 through 19.7.0.4

References

https://www.dell.com/support/kbdoc/en-us/000218003/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Mar 10, 2023