Unrated severity · NVD Advisory · Published May 31, 2023 · Updated Jan 9, 2025

CVE-2023-25539

Description

Dell NetWorker 19.6.1.2 contains an OS command injection vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends that customers upgrade at the earliest opportunity.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An OS command injection in Dell NetWorker's nsrcapinfo component lets an unauthenticated remote attacker execute arbitrary commands as the application user.

Vulnerability

The vulnerability is an OS command injection in the nsrcapinfo component of Dell NetWorker client versions 19.6.1.2 and earlier (including NVE versions 19.7.1 and prior). A remote unauthenticated attacker can send crafted input that is not properly sanitized before being passed to OS commands, leading to arbitrary command execution with the privileges of the vulnerable application [1].

Exploitation

An attacker does not need authentication or prior access to the system. The attack is network-based and requires no user interaction, as the vulnerable component is exposed to the network. By sending a specially crafted request to the nsrcapinfo component, the attacker can inject arbitrary OS commands that are executed by the application [1].

Impact

Successful exploitation allows the attacker to execute arbitrary OS commands on the underlying operating system with the privileges of the NetWorker client process. This can lead to complete compromise of the affected system, including unauthorized access, data exfiltration, and potential lateral movement within the network [1].

Mitigation

Dell has released fixed versions: NetWorker NVE version 19.8.0.1 and later, and corresponding updates for other affected versions. Users should upgrade to the remediated versions immediately. No workarounds are mentioned in the advisory; the only mitigation is to apply the official update [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
