DSA-2025-064 : Security Update for Dell NetWorker, NetWorker Virtual Edition and NetWorker Management Console Multiple Component Vulnerabilities
Resumo: Dell NetWorker, NetWorker Virtual Edition and NetWorker Management Console remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Impacto
Critical
Dados
|
Third-party Component |
CVEs |
More Information |
|
OpenSSL1.1.1n |
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
See NVD link below for individual scores for each CVE. |
|
Python |
CVE-2024-37891 |
See NVD link below for individual scores for each CVE. |
|
Cloud-init |
CVE-2021-3429, CVE-2023-1786 |
See NVD link below for individual scores for each CVE. |
|
PostgreSQL Database Server |
CVE-2024-7348 |
See NVD link below for individual scores for each CVE. |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21107 |
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21107 |
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
Produtos afetados e soluções
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
Dell NetWorker |
NetWorker Server, Storage Node and Client |
Versions 19.11 through 19.11.0.3 |
Version 19.12 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
Dell NetWorker |
NetWorker Server, Storage Node and Client |
Versions 19.10 through 19.10.0.7 |
Version 19.12 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
Dell NetWorker |
NetWorker Server, Storage Node and Client |
Versions prior to 19.10 |
Version 19.12 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
Dell NetWorker Virtual Edition |
NVE-OVA |
Versions 19.11 through 19.11.0.2 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
Dell NetWorker Virtual Edition |
NVE-OVA |
Versions 19.10 through 19.10.0.7 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
Dell NetWorker Virtual Edition |
NVE-OVA |
Versions prior to 19.10 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2025-21107 |
Dell NetWorker |
NetWorker Management Console |
Versions 19.11 through 19.11.0.2 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2025-21107 |
Dell NetWorker |
NetWorker Management Console |
Versions 19.10 through 19.10.0.7 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2025-21107 |
Dell NetWorker |
NetWorker Management Console |
Versions prior to 19.10 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-7348 |
Dell NetWorker |
NetWorker Management Console |
Versions 19.11 through 19.11.0.2 |
Versions 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-7348 |
Dell NetWorker |
NetWorker Management Console |
Versions prior to 19.10.0.7 |
Version 19.10.0.7 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
Dell NetWorker |
NetWorker Server, Storage Node and Client |
Versions 19.11 through 19.11.0.3 |
Version 19.12 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
Dell NetWorker |
NetWorker Server, Storage Node and Client |
Versions 19.10 through 19.10.0.7 |
Version 19.12 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678 |
Dell NetWorker |
NetWorker Server, Storage Node and Client |
Versions prior to 19.10 |
Version 19.12 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
Dell NetWorker Virtual Edition |
NVE-OVA |
Versions 19.11 through 19.11.0.2 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
Dell NetWorker Virtual Edition |
NVE-OVA |
Versions 19.10 through 19.10.0.7 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
Dell NetWorker Virtual Edition |
NVE-OVA |
Versions prior to 19.10 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2025-21107 |
Dell NetWorker |
NetWorker Management Console |
Versions 19.11 through 19.11.0.2 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2025-21107 |
Dell NetWorker |
NetWorker Management Console |
Versions 19.10 through 19.10.0.7 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2025-21107 |
Dell NetWorker |
NetWorker Management Console |
Versions prior to 19.10 |
Version 19.12, 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-7348 |
Dell NetWorker |
NetWorker Management Console |
Versions 19.11 through 19.11.0.2 |
Versions 19.11.0.3 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-7348 |
Dell NetWorker |
NetWorker Management Console |
Versions prior to 19.10.0.7 |
Version 19.10.0.7 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- For OpenSSL1.1.1n
- Platforms: Linux (All variants and flavors are impacted)
- The vulnerabilities in the third-party component OpenSSL 1.1.1n will be addressed only in Version 19.12.
- For Linux Kernel
- Platforms: Linux (Suse are impacted).
- For PostgreSQL Database Server
- Platforms: Windows & Linux (All variants and flavors are impacted)
- CVE-2024-7348 has been remediated in 19.10.0.7 release.
- For Proprietary Code CVE-2025-21107
- Platforms: Windows & Linux (All variants and flavors are impacted)
- Versions prior to 19.10.0.7 mean versions 19.10.0.6, 19.10.x, 19.9.x, 19.8.x, 19.7.x family of releases that are still under standard support. For more information on Dell End-of-Life Documents for converged infrastructure, midrange and enterprise storage, and storage networking products kindly refer to: https://www.dell.com/support/kbdoc/000185734/all-dell-emc-end-of-life-documents?lang=en
- Unless specified as impacted, the term “later releases” encompasses all NetWorker releases, under standard support, that are of a higher minor or major version than the specified release.
- Dell advises that you consistently upgrade to the latest release/version for your product
Histórico de revisão
|
Revision |
Date |
Description |
|
1.0 |
2025-01-30 |
Initial Release |
|
2.0 |
2025-02-03 |
Updated the advisory with Third-Party component details CVE-2024-37891, CVE-2021-3429, CVE-2023-1786 |
|
3.0 |
2025-02-17 |
The security advisory has been updated in light of the release of Version 19.10.0.7 |
|
4.0 |
2025-02-19 |
Updated Software/Firmware Column under "Affected Product & Remediation" section corresponding to OpenSSL 1.1.1n CVEs |