Lucene search

[email protected]NVD:CVE-2023-43072

HistoryOct 05, 2023 - 6:15 p.m.

CVE-2023-43072

2023-10-0518:15:12

CWE-284

[email protected]

web.nvd.nist.gov

dell

smartfabric

storage software

access control

vulnerability

cli

local attacker

unauthenticated

exploit

shell commands

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

Percentile

10.3%

JSON

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Affected configurations

Nvd

Node

dellsmartfabric_storage_softwareRange<1.4.1

VendorProductVersionCPE
dellsmartfabric_storage_software*cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_storage_software	*	cpe:2.3:a:dell:smartfabric_storage_software::::::::

References

www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2023-43072

prion1 vulnrichment1 cnvd1 cvelist1 cve1