Lucene search

[email protected]CVE-2023-43072

HistoryOct 05, 2023 - 6:15 p.m.

CVE-2023-43072

2023-10-0518:15:12

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-43072

dell

smartfabric

storage software

cli

access control

vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Affected configurations

NVD

Node

dellsmartfabric_storage_softwareRange<1.4.1

CPENameOperatorVersion
dell:smartfabric_storage_softwaredell smartfabric storage softwarelt1.4.1

CPE	Name	Operator	Version
dell:smartfabric_storage_software	dell smartfabric storage software	lt	1.4.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric Storage Software",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "v1.4.0 and prior"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2023-43072

prion1 cnvd1 cvelist1 nvd1