CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:networker:19.7.1:*:*:*:*:*:*:*

History

29 Sep 2023, 17:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:dell:networker:19.7.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*
First Time Dell networker
Dell
References (MISC) https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities - (MISC) https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities - Patch, Vendor Advisory

27 Sep 2023, 15:40

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:18

Updated : 2024-02-28 20:33


NVD link : CVE-2023-28055

Mitre link : CVE-2023-28055

CVE.ORG link : CVE-2023-28055


JSON object : View

Products Affected

dell

  • networker
CWE
CWE-285

Improper Authorization