Input validation

2023-06-2308:15:00

PRIOn knowledge base

www.prio-n.com

dell vxrail

version 7.0.450

improper certificate validation

remote attacker

man-in-the-middle attack

crafted certificate

intercepting traffic

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim’s traffic to view or modify a victim’s data in transit.

CPENameOperatorVersion
vxrail_d560_firmwarege7.0.0
vxrail_d560_firmwarelt7.0.450
vxrail_d560f_firmwarege7.0.0
vxrail_d560f_firmwarelt7.0.450
vxrail_e460_firmwarege7.0.0
vxrail_e460_firmwarelt7.0.450
vxrail_e560_firmwarege7.0.0
vxrail_e560_firmwarelt7.0.450
vxrail_e560_vcf_firmwarege7.0.0
vxrail_e560_vcf_firmwarelt7.0.450

Name	Operator	Version
vxrail_d560_firmware	ge	7.0.0
vxrail_d560_firmware	lt	7.0.450
vxrail_d560f_firmware	ge	7.0.0
vxrail_d560f_firmware	lt	7.0.450
vxrail_e460_firmware	ge	7.0.0
vxrail_e460_firmware	lt	7.0.450
vxrail_e560_firmware	ge	7.0.0
vxrail_e560_firmware	lt	7.0.450
vxrail_e560_vcf_firmware	ge	7.0.0
vxrail_e560_vcf_firmware	lt	7.0.450