First published: Mon Apr 01 2019
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) when the oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via the RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC NetWorker | >=8.2.0.0, <8.2.4.11 | |
Dell EMC NetWorker | >=9.0.0.0, <=9.0.1.9 | |
Dell EMC NetWorker | >=9.1.0.0, <9.1.1.5 | |
Dell EMC NetWorker | >=9.2.0.0, <9.2.1.0 | |
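The ranges in the table above can be checked against a client inventory with a short script. The following is an added example, not code from Dell EMC or from this page; it uses the table's bounds (only the 9.0.x row has an inclusive upper bound), and the hostnames, the sample versions and the assumption that versions are plain dotted numbers are constructed for illustration.

```python
import re

# Affected ranges copied from the table above: (lower bound, upper bound, upper inclusive?)
AFFECTED = [
    ("8.2.0.0", "8.2.4.11", False),
    ("9.0.0.0", "9.0.1.9", True),   # the only row with an inclusive upper bound
    ("9.1.0.0", "9.1.1.5", False),
    ("9.2.0.0", "9.2.1.0", False),
]

def parse_version(text):
    """Turn '9.1.1.4' into (9, 1, 1, 4); shorter versions are zero-padded to four parts."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version):
    """Compare numerically, so 8.2.4.9 sorts below 8.2.4.11 (a string compare would not)."""
    v = parse_version(version)
    for low, high, high_inclusive in AFFECTED:
        lo, hi = parse_version(low), parse_version(high)
        if lo <= v and (v <= hi if high_inclusive else v < hi):
            return True
    return False

def triage(inventory):
    """Split {host: version} into affected, not-in-range and unparseable entries."""
    report = {"affected": [], "not_in_range": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version) else "not_in_range"
        except ValueError:
            key = "unparsed"  # needs a manual look; never silently treated as safe
        report[key].append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE = {
    "bkp-client-01": "8.2.4.10",
    "bkp-client-02": "8.2.4.11",
    "bkp-client-03": "9.0.1.9",
    "bkp-client-04": "9.1.1.5",
    "bkp-client-05": "9.2",
    "bkp-client-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `not_in_range` only fall outside the listed version ranges; whether oldauth is still enabled on them has to be confirmed separately.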
CVE-2017-8023 is considered a critical vulnerability due to its potential for unauthenticated remote code execution.
To fix CVE-2017-8023, upgrade the Dell EMC NetWorker software to a version that does not utilize the oldauth authentication method.
CVE-2017-8023 affects Dell EMC NetWorker versions 8.2.0.0 to 8.2.4.11, 9.0.0.0 to 9.0.1.9, 9.1.0.0 to 9.1.1.5, and 9.2.0.0 to 9.2.1.0.
Yes, CVE-2017-8023 can be exploited by unauthenticated remote attackers through the NetWorker Client execution service.
If CVE-2017-8023 is exploited, it allows an attacker to execute arbitrary commands on the affected Dell EMC NetWorker systems.