CVE-2023-28055 - OpenCVE

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Networker

Configuration 1 [-]

OR	cpe:2.3:a:dell:networker::::::::
	cpe:2.3:a:dell:networker::::::::
	cpe:2.3:a:dell:networker::::::::
	cpe:2.3:a:dell:networker:19.7.1:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-09-26T13:35:38.352Z

Updated: 2024-08-02T12:30:22.791Z

Reserved: 2023-03-10T05:01:43.872Z

Link: CVE-2023-28055

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-27T15:18:49.297

Modified: 2023-09-29T17:36:40.987

Link: CVE-2023-28055

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28055", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-03-10T05:01:43.872Z", "datePublished": "2023-09-26T13:35:38.352Z", "dateUpdated": "2024-08-02T12:30:22.791Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetWorker", "vendor": "Dell", "versions": [{"status": "affected", "version": "Versions 19.9 through 19.9.0.1"}, {"status": "affected", "version": "Versions 19.8, through 19.8.0.2"}, {"status": "affected", "version": "Versions 19.7 through 19.7.0.4"}, {"status": "affected", "version": "Version 19.7.1"}]}], "datePublic": "2023-09-26T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.</span>\n\n"}], "value": "\nDell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-09-26T13:35:38.352Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:22.791Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80B4170-769A-4FB5-B1D8-FAD7FD280ED1", "versionEndExcluding": "19.7.0.5", "versionStartIncluding": "19.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D5F7EF-8B4D-46C5-BDC2-F0214B43DB8E", "versionEndExcluding": "19.8.0.3", "versionStartIncluding": "19.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4EC1A05-4A1A-4633-8F7E-13D43070AD98", "versionEndExcluding": "19.9.0.2", "versionStartIncluding": "19.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:networker:19.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "880E3083-10D9-451F-A21B-91D36570596A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.\n\n"}, {"lang": "es", "value": "Dell NetWorker, versi\u00f3n 19.7 tiene una vulnerabilidad de autorizaci\u00f3n incorrecta en el cliente NetWorker. Un atacante no autenticado dentro de la misma red podr\u00eda explotar esto manipulando un comando que conduzca a obtener acceso completo al archivo del servidor, lo que resultar\u00eda en fugas de informaci\u00f3n, denegaci\u00f3n de servicio y ejecuci\u00f3n de c\u00f3digo arbitrario. Dell recomienda a los clientes actualizar lo antes posible."}], "id": "CVE-2023-28055", "lastModified": "2023-09-29T17:36:40.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-09-27T15:18:49.297", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security_alert@emc.com", "type": "Primary"}]}