PT-2023-21519 · Dell · Dell NetWorker
Published 2023-09-26 · Updated 2023-09-29
CVE-2023-28055
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell NetWorker version 19.7
Description
Dell NetWorker contains an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit it by manipulating a command, gaining complete access to the server file, which could further result in information leaks, denial of service, and arbitrary code execution.
Recommendations
For Dell NetWorker version 19.7, upgrade to a newer version at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to the NetWorker client to minimize the risk of exploitation.
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Dell NetWorker