CVE-2024-22432

Name of the Vulnerable Software and Affected Versions Dell EMC NetWorker versions 19.9 and all prior versions

Description The issue is related to insufficient protection of registration data, which may allow an attacker to obtain user registration data. Specifically, a plain-text password is stored in a temporary config file during backup duration in NMDA MySQL Database backups. A user with low privilege access to the Networker Client system could potentially exploit this, leading to the disclosure of configured MySQL Database user credentials. The attacker may then use the exposed credentials to access the vulnerable application Database with the privileges of the compromised account.

Recommendations For versions 19.9 and all prior versions, consider disabling the storage of plain-text passwords in temporary config files during backup operations as a temporary workaround until a patch is available. Restrict access to the Networker Client system to minimize the risk of exploitation. Avoid using low privilege access to the Networker Client system for MySQL Database backups until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.