Lucene search

[email protected]NVD:CVE-2023-32485

HistoryOct 05, 2023 - 7:15 p.m.

CVE-2023-32485

2023-10-0519:15:11

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-32485

improper input validation

remote attacker

privilege escalation

critical severity

user authentication

dell

upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.

Affected configurations

Nvd

Node

dellsmartfabric_storage_softwareRange<1.4.0

VendorProductVersionCPE
dellsmartfabric_storage_software*cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_storage_software	*	cpe:2.3:a:dell:smartfabric_storage_software::::::::

References

www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Related for NVD:CVE-2023-32485

cnvd1 vulnrichment1 cve1 prion1 cvelist1