Lucene search

DellCVE-2023-28076

HistoryMay 16, 2023 - 4:15 p.m.

CVE-2023-28076

2023-05-1616:15:09

CWE-327

dell

web.nvd.nist.gov

cve-2023

cloudlink

vulnerability

cryptographic algorithm

information disclosure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

47.5%

JSON

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.

Affected configurations

Nvd

Vulners

Node

dellcloudlinkRange<7.1.3

VendorProductVersionCPE
dellcloudlink*cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	cloudlink	*	cpe:2.3:a:dell:cloudlink::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CloudLink",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "7.1.2 and all prior versions"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000212095/dsa-2023-121-dell-cloudlink-security-update-for-aes-gcm-ciphers-vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

47.5%

JSON

Related for CVE-2023-28076