Lucene search

[email protected]NVD:CVE-2023-23690

HistoryJan 19, 2023 - 12:15 p.m.

CVE-2023-23690

2023-01-1912:15:13

CWE-299

CWE-295

[email protected]

web.nvd.nist.gov

cloud mobility

dell emc storage

certificate revocation

eavesdrop

compromise

vulnerability

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

0.001 Low

EPSS

Percentile

40.5%

JSON

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Affected configurations

NVD

Node

dellcloud_mobility_for_dell_emc_storageRange<1.3.4.0

References

www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for NVD:CVE-2023-23690

cnvd1 cve1 prion1 cvelist1