Lucene search

DellCVELIST:CVE-2023-23692

HistoryFeb 01, 2023 - 12:30 p.m.

CVE-2023-23692

2023-02-0112:30:12

CWE-78

dell

www.cve.org

dell emc

ddos 7.9

os command injection

vulnerability

authenticated

non admin attacker

arbitrary os commands

application's underlying os

privileges

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Data Domain",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "7.0 to 7.8",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "LTS 7.7.1 to 7.7.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.2.1.80",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000201296/dsa-2022-187-dell-technologies-powerprotect-data-domain-security-update-for-multiple-third-party-component-vulnerabilities

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Related for CVELIST:CVE-2023-23692