CVE-2023-28055
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | NetWorker | Versions 19.9 through 19.9.0.1 | affected |
| Dell | NetWorker | Versions 19.8, through 19.8.0.2 | affected |
| Dell | NetWorker | Versions 19.7 through 19.7.0.4 | affected |
| Dell | NetWorker | Version 19.7.1 | affected |
Weaknesses
- CWE-285: CWE-285: Improper Authorization
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.