DSA-2025-268: Security Update for Dell NetWorker Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') Vulnerability
Сводка: Dell NetWorker remediation is available for selection of less-secure algorithm during negotiation ('algorithm downgrade') vulnerability that could be exploited by malicious users to compromise the affected system. ...
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Medium
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-36582 | Dell NetWorker, versions prior to 19.13.0.0, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-36582 | Dell NetWorker, versions prior to 19.13.0.0, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
Затронутые продукты и исправление
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| NetWorker | NetWorker Management Console, NetWorker Web UI, NetWorker Authentication Service | Versions prior to 19.13.0.0 | Version 19.13.0.0 or later | NetWorker Downloads Area |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| NetWorker | NetWorker Management Console, NetWorker Web UI, NetWorker Authentication Service | Versions prior to 19.13.0.0 | Version 19.13.0.0 or later | NetWorker Downloads Area |
Notes:
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Versions prior to 19.13.0.0 means 19.12.x, 19.11.x, 19.10.x, 19.9.x, and 19.8.x family of releases that are still under standard support. For more information refer to Dell End-of-Life Product List for Converged Infrastructure and Storage.
- Unless specified as impacted, the term “later releases” encompasses all NetWorker releases, under standard support, that are of a higher minor or major version than the specified release. Dell recommends that you always upgrade to the latest release/version for your product.
- Platforms: Windows & Linux (All variants and flavors are impacted).
Временные решения и снижение риска
None
История изменений
| Revision | Date | Description |
| 1.0 | 2025-07-01 | Initial Release |
| 2.0 | 2025-08-19 | Updated the 'Affected and Remediated Versions' and 'Additional Information' sections |
| 3.0 | 2025-12-31 |
Updated the CVE description to clarify the impact
|
Связанная информация
Правовая оговорка
Затронутые продукты
NetWorker FamilyСвойства статьи
Номер статьи: 000338757
Тип статьи: Dell Security Advisory
Последнее изменение: 31 Dec 2025
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.