CVE-2023-24568

Published: May 30, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

Affected (3)

Products: Dell: Networker

Dell

1 product

Networker

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Networker	Up to 19.7.0.3
Dell Networker	Version 19.7.1
Dell Networker	Version 19.8.0.0

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-297

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (2)

https://www.dell.com/support/kbdoc/en-us/000210963/dsa-2023-059-dell-networker-security-update-for-a-rabbitmq-vulnerability-related-to-improper-validation-of-hostname-in-rabbitmq-startup-script-which-fails-to-replace-ca-signed-certificates

Source: security_alert@emc.com

Vendor Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.