CVE-2023-24567

Vulnerability

Dell NetWorker versions 19.5 and earlier contain a version disclosure vulnerability in the RabbitMQ component. A NetWorker server user with remote access to NetWorker clients can exploit this vulnerability to obtain the RabbitMQ version used by the server [1]. The vulnerability is present in all affected versions of the product prior to the security update.

Exploitation

An attacker requires network access to NetWorker clients from the NetWorker server. No authentication is needed; the vulnerability can be exploited remotely over the network without user interaction [1]. The attacker likely sends crafted requests to the RabbitMQ service to retrieve version information, which can then be used to identify and launch target-specific attacks.

Impact

Successful exploitation allows the attacker to learn the exact version of RabbitMQ running in the environment. This information disclosure (confidentiality impact) can be used to identify known vulnerabilities specific to that version, potentially leading to further compromise of the system [1]. The CVSS base score is 7.5 (High), with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [1].

Mitigation

Dell has released a security update to address this vulnerability. Customers are advised to apply the latest patch for Dell NetWorker as specified in Dell Security Advisory DSA-2023-058 [1]. No workarounds have been provided; upgrading to a fixed version is the recommended mitigation.