CVE-2023-23690 - OpenCVE

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Cloud Mobility For Dell Emc Storage

Configuration 1 [-]

cpe:2.3:a:dell:cloud_mobility_for_dell_emc_storage:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2023-01-19T11:25:48.778Z

Updated: 2023-01-19T11:26:26.002Z

Reserved: 2023-01-17T05:22:17.394Z

Link: CVE-2023-23690

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-19T12:15:13.623

Modified: 2023-11-07T04:07:52.187

Link: CVE-2023-23690

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-23690", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-01-17T05:22:17.394Z", "datePublished": "2023-01-19T11:25:48.778Z", "dateUpdated": "2023-01-19T11:26:26.002Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cloud Mobility for Dell Storage", "vendor": "Dell", "versions": [{"lessThan": "1.3.3.X", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.</span>\n\n"}], "value": "\nCloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-299", "description": "CWE-299: Improper Check for Certificate Revocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-01-19T11:26:26.002Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:cloud_mobility_for_dell_emc_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "84315A17-180D-40FA-9789-3EF236F4DADE", "versionEndExcluding": "1.3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nCloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.\n\n"}, {"lang": "es", "value": "Cloud Mobility for Dell EMC Storage, versiones 1.3.0.X e inferiores, contiene una vulnerabilidad de verificaci\u00f3n incorrecta de revocaci\u00f3n de certificados. Un actor de amenazas no necesita ning\u00fan privilegio espec\u00edfico para explotar potencialmente esta vulnerabilidad. Un atacante podr\u00eda realizar un ataque man-in-the-middle y escuchar a escondidas las comunicaciones cifradas desde Cloud Mobility a los dispositivos de Cloud Storage. La explotaci\u00f3n podr\u00eda comprometer la informaci\u00f3n secreta y sensible, el tiempo de inactividad de la conexi\u00f3n de almacenamiento en la nube y la integridad de la conexi\u00f3n a los dispositivos en la nube."}], "id": "CVE-2023-23690", "lastModified": "2023-11-07T04:07:52.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-01-19T12:15:13.623", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-299"}], "source": "security_alert@emc.com", "type": "Secondary"}]}