Lucene search

DellCVE-2023-32485

HistoryOct 05, 2023 - 7:15 p.m.

CVE-2023-32485

2023-10-0519:15:11

CWE-20

dell

web.nvd.nist.gov

dell

smartfabric

storage software

vulnerability

cve-2023-32485

privilege escalation

nvd

dell recommends upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.

Affected configurations

Nvd

Node

dellsmartfabric_storage_softwareRange<1.4.0

VendorProductVersionCPE
dellsmartfabric_storage_software*cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_storage_software	*	cpe:2.3:a:dell:smartfabric_storage_software::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric Storage Software",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 1.4.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Related for CVE-2023-32485