Security update: Dell NetWorker backup software can leak data
Dell has released important security patches for its backup and recovery software NetWorker and the SDK BSAFE. However, not all updates are available yet.
(Image: Artur Szczybylo/Shutterstock.com)
Systems running Dell BSAFE Micro Edition Suite or NetWorker are vulnerable. The developers have now made repaired versions available for download. However, a security update has only been announced so far.
Waiting for a security patch
Admins use NetWorker to control backup and recovery processes. If attackers already have access without authentication, they can exploit a security vulnerability (CVE-2024-42422"high") and access information that is actually sealed off. How attacks could actually take place and how admins could recognize attacked systems remains unclear.
Videos by heise
In a post, the developers write that NetWorker Client 19.10.0.6 is protected against this attack. The security update for versions 19.11 to 19.11.0.2 should follow in the course of December.
The Software Development Kit (SDK) BSAFE Micro Edition Suite, which developers can use to equip applications programmed in C with TLS certificates, for example, is vulnerable to attack via a vulnerability. According to a warning message, information on the vulnerability is only available to BSAFE users with a maintenance contract. Issue 5.0.3 has been repaired.
(des)
