Lucene search

DellCVE-2023-43072

HistoryOct 05, 2023 - 6:15 p.m.

CVE-2023-43072

2023-10-0518:15:12

CWE-284

dell

web.nvd.nist.gov

cve-2023-43072

dell

smartfabric

storage software

cli

access control

vulnerability

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

10.3%

JSON

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Affected configurations

Nvd

Vulners

Node

dellsmartfabric_storage_softwareRange<1.4.1

VendorProductVersionCPE
dellsmartfabric_storage_software*cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_storage_software	*	cpe:2.3:a:dell:smartfabric_storage_software::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric Storage Software",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "v1.4.0 and prior"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for CVE-2023-43072