DSA-2023-060: Security Update for Dell NetWorker OS Command Injection Vulnerability
Samenvatting: Dell NetWorker remediation is available for an OS Command Injection vulnerability that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
High
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-25539 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | 8.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-25539 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | 8.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Getroffen producten en herstel
| Product | Affected Versions | Remediated Versions | Link |
| NetWorker NVE | Version 19.7.1 Linux | Version 19.8.0.1 and later releases | NetWorker Downloads Area |
| NetWorker NVE | Version 19.7.0.3 Linux and prior releases | Version 19.7.0.4 and later releases | NetWorker Downloads Area |
| NetWorker NVE | Version 19.6.1.2 Linux and prior releases | Version 19.7.0.4 and later releases | NetWorker Downloads Area |
| Product | Affected Versions | Remediated Versions | Link |
| NetWorker NVE | Version 19.7.1 Linux | Version 19.8.0.1 and later releases | NetWorker Downloads Area |
| NetWorker NVE | Version 19.7.0.3 Linux and prior releases | Version 19.7.0.4 and later releases | NetWorker Downloads Area |
| NetWorker NVE | Version 19.6.1.2 Linux and prior releases | Version 19.7.0.4 and later releases | NetWorker Downloads Area |
Note:
- The impacted component is NetWorker client and the affected platforms are Linux (CentOS, OEL, SuSE, RHEL, Debian, Ubuntu, Fedora).
Tijdelijke oplossingen en risicobeperking
None
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2023-04-03 | Initial Release |
| 2.0 | 2023-05-11 | Made changes to Updated Versions |
| 3.0 | 2023-06-06 | Made changes to "Impact", "CVSS Base Score" & "CVSS Vector String" |
| 4.0 | 2025-12-29 |
Updated the formatting, CVSS score and vulnerability description
|
Bevestigingen
Dell Technologies would like to thank Maciej Kosz for reporting this issue.
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
NetWorker Family, NetWorker, NetWorker Series, NetWorker Module, Product Security InformationArtikeleigenschappen
Artikelnummer: 000211267
Artikeltype: Dell Security Advisory
Laatst aangepast: 29 dec. 2025
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.