Lucene search

DellCVELIST:CVE-2023-28043

HistoryJun 01, 2023 - 3:58 p.m.

CVE-2023-28043

2023-06-0115:58:32

CWE-327

dell

www.cve.org

dell scg 5.14

information disclosure

vulnerability

srs

scg

upgrade path

remote

low privileged

malicious user

plain text

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Connect Gateway",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "5.14.00.16"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000214205/dsa-2023-164-dell-secure-connect-gateway-security-update-for-multiple-vulnerabilities

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Related for CVELIST:CVE-2023-28043