SB2023020931 - Remote code execution in Dell NetWorker
Published: February 9, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Authentication (CVE-ID: CVE-2023-24576)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in the authentication process in the NetWorker Client execution service (nsrexecd), when oldauth authentication method is used. A remote non-authenticated attacker can bypass authentication process and execute arbitrary code on the system.
Remediation
Install update from vendor's website.