CVE Vulnerability

CVE-2023-24576

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000208258/dsa-2023-041-dell-networker-security-update-for-nsrdump-vulnerability Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:dell:emc_networker:19.7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_networker:*:*:*:*:virtual:*:*:*
Information

Published : 2023-02-03 07:15

Updated : 2023-02-24 06:15

NVD link : CVE-2023-24576

Mitre link : CVE-2023-24576

Products Affected
No products.
CWE
CWE-94