Lucene search

DellCVELIST:CVE-2023-23690

HistoryJan 19, 2023 - 11:25 a.m.

CVE-2023-23690

2023-01-1911:25:48

CWE-299

dell

www.cve.org

cve-2023-23690

improper check

exploitation

man-in-the-middle

eavesdrop

encrypted communications

cloud storage

compromise

sensitive information

downtime

integrity.

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

0.001 Low

EPSS

Percentile

40.5%

JSON

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Mobility for Dell Storage",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.3.3.X",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for CVELIST:CVE-2023-23690