Improper validation of certificate with host mismatch in Dell NetWorker



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-24568
CWE-ID CWE-297
Exploitation vector Network
Public exploit N/A
Vulnerable software
 NetWorker
Server applications / Other server solutions

Vendor Dell

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper validation of certificate with host mismatch

EUVDB-ID: #VU79816

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-24568

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

Exploit availability: No

Description

The vulnerability allows a remote user to modify files on the system.

The vulnerability exists in the Rabbitmq port. A remote user can trigger the vulnerability to disallow replacing CA signed certificates.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetWorker: before 19.8.0.1

CPE2.3 External links

https://www.dell.com/support/kbdoc/nl-nl/000210963/dsa-2023-059-dell-networker-security-update-for-a-rabbitmq-vulnerability-related-to-improper-validation-of-hostname-in-rabbitmq-startup-script-which-fails-to-replace-ca-signed-certificates


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###