Lucene search

DellCVE-2023-43068

HistoryOct 05, 2023 - 6:15 p.m.

CVE-2023-43068

2023-10-0518:15:12

CWE-78

dell

web.nvd.nist.gov

cve-2023-43068

dell

smartfabric

storage

software

os command injection

vulnerability

ssh

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

Affected configurations

Nvd

Vulners

Node

dellsmartfabric_storage_softwareRange<1.4.1

VendorProductVersionCPE
dellsmartfabric_storage_software*cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_storage_software	*	cpe:2.3:a:dell:smartfabric_storage_software::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric Storage Software",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "v1.4.0 and prior"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Related for CVE-2023-43068