ID

VAR-202302-0308


CVE

CVE-2023-24576


TITLE

Code injection vulnerability in EMC NetWorker

Trust: 0.8

sources: JVNDB: JVNDB-2023-003595

DESCRIPTION

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. It may also be put into a denial-of-service (DoS) state. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

Trust: 1.8

sources: NVD: CVE-2023-24576 // JVNDB: JVNDB-2023-003595 // VULHUB: VHN-453290 // VULMON: CVE-2023-24576

AFFECTED PRODUCTS

vendor: dell, model: emc networker, scope: eq, version: 19.7.0.2

Trust: 1.0

vendor: dell, model: emc networker, scope: lte, version: 19.8

Trust: 1.0

vendor: dell emc (formerly emc), model: networker, scope: eq, version: -

Trust: 0.8

vendor: dell emc (formerly emc), model: networker, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003595 // NVD: CVE-2023-24576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-24576
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2023-24576
value: HIGH

Trust: 1.0

NVD: CVE-2023-24576
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-283
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-24576
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2023-24576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-24576
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003595 // CNNVD: CNNVD-202302-283 // NVD: CVE-2023-24576 // NVD: CVE-2023-24576

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.1

problemtype: Code injection (CWE-94) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-453290 // JVNDB: JVNDB-2023-003595 // NVD: CVE-2023-24576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-283

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-283

PATCH

title: DSA-2023-041, url: https://www.dell.com/support/kbdoc/en-us/000208258/dsa-2023-041-dell-networker-security-update-for-nsrdump-vulnerability

Trust: 0.8

title: Dell EMC NetWorker Fixes for code injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=225521

Trust: 0.6

sources: JVNDB: JVNDB-2023-003595 // CNNVD: CNNVD-202302-283

EXTERNAL IDS

db: NVD, id: CVE-2023-24576

Trust: 3.4

db: JVNDB, id: JVNDB-2023-003595

Trust: 0.8

db: CNNVD, id: CNNVD-202302-283

Trust: 0.6

db: VULHUB, id: VHN-453290

Trust: 0.1

db: VULMON, id: CVE-2023-24576

Trust: 0.1

sources: VULHUB: VHN-453290 // VULMON: CVE-2023-24576 // JVNDB: JVNDB-2023-003595 // CNNVD: CNNVD-202302-283 // NVD: CVE-2023-24576

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000208258/dsa-2023-041-dell-networker-security-update-for-nsrdump-vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-24576

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-24576/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-453290 // VULMON: CVE-2023-24576 // JVNDB: JVNDB-2023-003595 // CNNVD: CNNVD-202302-283 // NVD: CVE-2023-24576

SOURCES

db: VULHUB, id: VHN-453290
db: VULMON, id: CVE-2023-24576
db: JVNDB, id: JVNDB-2023-003595
db: CNNVD, id: CNNVD-202302-283
db: NVD, id: CVE-2023-24576

LAST UPDATE DATE

2024-08-14T15:16:15.780000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-453290, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2023-24576, date: 2023-02-03T00:00:00
db: JVNDB, id: JVNDB-2023-003595, date: 2023-09-13T07:54:00
db: CNNVD, id: CNNVD-202302-283, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2023-24576, date: 2023-11-07T04:08:33.417

SOURCES RELEASE DATE

db: VULHUB, id: VHN-453290, date: 2023-02-03T00:00:00
db: VULMON, id: CVE-2023-24576, date: 2023-02-03T00:00:00
db: JVNDB, id: JVNDB-2023-003595, date: 2023-09-13T00:00:00
db: CNNVD, id: CNNVD-202302-283, date: 2023-02-03T00:00:00
db: NVD, id: CVE-2023-24576, date: 2023-02-03T19:15:14.417