CVE-2023-23690
7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.6%
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| dell:cloud_mobility_for_dell_emc_storage | dell cloud mobility for dell emc storage | lt | 1.3.4.0 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Cloud Mobility for Dell Storage",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.3.3.X",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.6%