Lucene search

DellCVELIST:CVE-2023-44306

HistoryDec 04, 2023 - 8:32 a.m.

CVE-2023-44306

2023-12-0408:32:35

CWE-22

dell

www.cve.org

cve-2023-44306

dell dm5500

path traversal

remote attacker

high privileges

exploit

overwrite

configuration files

server filesystem

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

29.4%

JSON

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell PowerProtect Data Manager DM5500 Appliance",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "DM5500 5.14 and below"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for CVELIST:CVE-2023-44306