CVE-2023-28055
📋 TL;DR
Dell NetWorker 19.7 has an improper authorization vulnerability in its client component. An unauthenticated attacker on the same network can manipulate commands to gain complete server file access, leading to information disclosure, denial of service, or arbitrary code execution. Organizations using Dell NetWorker 19.7 are affected.
💻 Affected Systems
- Dell NetWorker
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the NetWorker server allowing arbitrary code execution, data exfiltration, and persistent backdoor installation.
Likely Case
Unauthorized access to backup data leading to information disclosure and potential denial of service by disrupting backup operations.
If Mitigated
Limited impact if network segmentation prevents attacker access to NetWorker client network segments.
🎯 Exploit Status
Vulnerability allows unauthenticated attackers on same network to manipulate commands without authorization
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Upgrade to version beyond 19.7 (check Dell advisory for specific fixed version)
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities
Restart Required: Yes
Instructions:
1. Download latest NetWorker update from Dell support site. 2. Backup current configuration. 3. Apply update following Dell installation guide. 4. Restart NetWorker services.
🔧 Temporary Workarounds
Network Segmentation
allIsolate NetWorker clients to restricted network segments to prevent unauthorized access
Access Control Lists
allImplement strict network ACLs to limit which systems can communicate with NetWorker clients
🧯 If You Can't Patch
- Implement strict network segmentation to isolate NetWorker clients from untrusted networks
- Deploy host-based firewalls to restrict network access to NetWorker client ports
🔍 How to Verify
Check if Vulnerable:
Check NetWorker version: On Windows: Open NetWorker Management Console → Help → About. On Linux: Run 'nsr -v' command.Check Version:
nsr -v (Linux) or check About in NetWorker Management Console (Windows)Verify Fix Applied:
Verify version is updated beyond 19.7 and test client-server communication functionality.📡 Detection & Monitoring
Log Indicators:
- Unauthorized connection attempts to NetWorker client ports
- Unusual command patterns in NetWorker logs
- Failed authorization attempts
Network Indicators:
- Unusual traffic patterns to NetWorker client ports (default 7937-9937)
- Connection attempts from unauthorized IP addresses
SIEM Query:
source="NetWorker" AND (event_type="authentication_failure" OR command="*unauthorized*")