Lucene search

PRIOn knowledge basePRION:CVE-2023-25539

HistoryMay 31, 2023 - 5:15 a.m.

Command injection

2023-05-3105:15:00

PRIOn knowledge base

www.prio-n.com

dell networker

command injection

os command

vulnerability

remote attacker

unauthenticated

arbitrary commands

high severity

privileges

system control

upgrade opportunity

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.

CPENameOperatorVersion
networkerlt19.7.0.4
networkereq19.7.1

CPE	Name	Operator	Version
	networker	lt	19.7.0.4
	networker	eq	19.7.1

References

www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability