Article Number: 000220547
DSA-2023-358: Security Update for Dell NetWorker Virtual Edition SSH Cryptography Vulnerabilities
Summary: Dell Networker Virtual Edition remediation is available for SSH cryptography vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28053 |
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28053 |
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Affected Products and Remediation
| CVEs Addressed | Product | Software/Firmware |
Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Versions 19.9 through 19.9.0.2 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 |
NetWorker Virtual Edition | Cryptographic algorithm | Versions 19.8 through 19.8.0.3 | Versions 19.8.0.4 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Versions 19.7 through 19.7.0.5 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Version 19.7.1 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Versions Prior to 19.7 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVEs Addressed | Product | Software/Firmware |
Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Versions 19.9 through 19.9.0.2 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 |
NetWorker Virtual Edition | Cryptographic algorithm | Versions 19.8 through 19.8.0.3 | Versions 19.8.0.4 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Versions 19.7 through 19.7.0.5 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Version 19.7.1 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
| CVE-2023-28053 | NetWorker Virtual Edition | Cryptographic algorithm | Versions Prior to 19.7 | Version 19.9.0.3 or later | https://www.dell.com/support/home/product-support/product/networker/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Platforms: Linux
- Please refer to the installation version NetWorker 19.9.0.3 Virtual Edition OVA under the Download list on https://www.dell.com/support/home/product-support/product/networker/drivers with the Description as NetWorker® Virtual Edition (NVE) 19.9.0.3 for Linux SLES12 SP5 (64-bit) is NetWorker server that runs as a virtual machine in a VMware environment.
- Please refer to the installation version NetWorker 19.9.0.3 Virtual Edition Upgrade under the Download list on https://www.dell.com/support/home/product-support/product/networker/drivers with the Description as NetWorker® Virtual Edition (NVE) 19.9.0.3 virtual appliance update file for NVE deployed on VMware, AWS and Azure environments.
- Please refer to the installation version NetWorker 19.8.0.4 Virtual Edition OVA under the Download list on https://www.dell.com/support/home/product-support/product/networker/drivers with the Description as NetWorker® Virtual Edition (NVE) 19.8.0.4 for Linux SLES12 SP5 (64-bit) is NetWorker server that runs as a virtual machine in a VMware environment.
- Please refer to the installation version NetWorker 19.8.0.4 Virtual Edition Upgrade under the Download list on https://www.dell.com/support/home/product-support/product/networker/drivers with the Description as NetWorker® Virtual Edition (NVE) 19.8.0.4 virtual appliance update file for NVE deployed on VMware, AWS and Azure environments.
- Versions prior to 19.7 means versions 19.6.x, 19.5.x, 19.4.x family of releases that are still under standard support. For more information on Dell End-of-Life Documents for converged infrastructure, midrange and enterprise storage, and storage networking products kindly refer to: https://www.dell.com/support/kbdoc/000185734/all-dell-emc-end-of-life-documents?lang=en
- Unless specified as impacted, the term “or Later” encompasses all NetWorker releases, under standard support, that are of a higher minor or major version than the specified release.
- Dell recommends that you always upgrade to the latest release/version for your product
Revision History
| Revision | Date | Description |
| 1.0 | 2023-12-18 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security Information
Last Published Date
18 Dec 2023
Version
1
Article Type
Dell Security Advisory