Malware loophole in Dell NetWorker closed
Attackers can exploit several vulnerabilities in Dell's NetWorker backup solution. Security updates are available for download.
Dell NetWorker, NetWorker Virtual Edition and NetWorker Management Console are vulnerable. Attacks on the vulnerabilities are conceivable. Admins should therefore install the security patches promptly.
In a security advisory, Dell's developers write that various third-party components such as OpenSSL are particularly vulnerable. One vulnerability (CVE-2025-21107, risk "high") also affects the backup software directly. Attackers with local access and low user rights can use this vulnerability to execute malicious code. However, the authors of the advisory do not explain how such an attack could take place.
Not all updates available yet
Dell states that it has fixed the security problems in versions 19.11.0.03 and 19.12. However, the security update to close another vulnerability (CVE-2024-7348, risk "high") is still pending. Dell intends to make it available in February, on an unspecified date.
So far, there are no reports of attacks already underway in the wild. However, admins should not be lulled into a false sense of security for too long and should secure their systems quickly.
(des)