CVE-2023-28055 HIGH

CVE-2023-28055

Vendor Dell
Product NetWorker
Weakness CWE-285
Published September 26, 2023
Last update September 24, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.

Key dates

02Disclosure timeline

September 26, 2023 CVE published
September 24, 2024 Record updated