Dell NetWorker 19.7 Unauth Access via client: arbitrary code exec
CVE-2023-28055 Published on September 27, 2023
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.
Vulnerability Analysis
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2023-28055 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-28055
Want to know whenever a new CVE is published for Dell Networker? stack.watch will email you.
Affected Versions
Dell NetWorker:- Version Versions 19.9 through 19.9.0.1 is affected.
- Version Versions 19.8, through 19.8.0.2 is affected.
- Version Versions 19.7 through 19.7.0.4 is affected.
- Version Version 19.7.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.