Lucene search

DellVULNRICHMENT:CVE-2023-43072

HistoryOct 05, 2023 - 5:47 p.m.

CVE-2023-43072

2023-10-0517:47:43

CWE-284

dell

github.com

dell smartfabric storage software

access control vulnerability

cli

arbitrary shell commands

cve-2023-43072

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

References

www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-43072