DSA-2024-477: Security Update for Dell NetWorker Runtime Environment (NRE) Multiple Component Vulnerabilities
Summary: Dell NetWorker Runtime Environment (NRE) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
|
Third-party Component |
CVEs |
More Information |
|
Java SE Embedded |
CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21208, CVE-2024-21217 |
See NVD link below for individual scores for each CVE. |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-47476 |
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-47476 |
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
Etkilenen Ürünler ve Düzeltme
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21208, CVE-2024-21217 |
Dell NetWorker Runtime Environment (NRE) |
NetWorker Runtime Environment (NRE) |
Version NRE 8.0.22 |
Version NRE 8.0.23 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-47476 |
Dell NetWorker Runtime Environment (NRE) |
NetWorker Management Console |
Version NRE 8.0.22 |
Version NRE 8.0.23 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21208, CVE-2024-21217 |
Dell NetWorker Runtime Environment (NRE) |
NetWorker Runtime Environment (NRE) |
Version NRE 8.0.22 |
Version NRE 8.0.23 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
|
CVE-2024-47476 |
Dell NetWorker Runtime Environment (NRE) |
NetWorker Management Console |
Version NRE 8.0.22 |
Version NRE 8.0.23 or later |
https://www.dell.com/support/home/product-support/product/networker/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Platforms: Windows & Linux (All variants and flavors are impacted)
- Unless specified as impacted, the term “later releases” encompasses all NetWorker releases, under standard support, that are of a higher minor or major version than the specified release.
- Dell advises that you consistently upgrade to the most recent release/version of your product.
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2024-12-03 |
Initial Release |