Lucene search

DellCVELIST:CVE-2023-43072

HistoryOct 05, 2023 - 5:47 p.m.

CVE-2023-43072

2023-10-0517:47:43

CWE-284

dell

www.cve.org

dell

smartfabric storage

vulnerability

improper access control

cli

arbitrary shell commands

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

10.3%

JSON

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric Storage Software",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "v1.4.0 and prior"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

10.3%

JSON

Related for CVELIST:CVE-2023-43072