Lucene search

DellCVELIST:CVE-2023-32485

HistoryOct 05, 2023 - 6:05 p.m.

CVE-2023-32485

2023-10-0518:05:19

CWE-20

dell

www.cve.org

cve-2023-32485

input validation

remote exploitation

privilege escalation

administration

user authentication

dell

upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric Storage Software",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 1.4.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Related for CVELIST:CVE-2023-32485