Dell NetWorker 19.6.1.2 OS Cmd Injection via Client
CVE-2023-25539 Published on May 31, 2023
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.
Vulnerability Analysis
CVE-2023-25539 can be exploited with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2023-25539 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2023-25539
Want to know whenever a new CVE is published for Dell Networker? stack.watch will email you.
Affected Versions
Dell NetWorker NVE Version NetWorker 19.6.1.2 Linux and prior releases, NetWorker 19.7.0.3 Linux and prior releases, 19.7.1 Linux is affected by CVE-2023-25539Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.