CVE-2023-43072 - OpenCVE

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Smartfabric Storage Software

Configuration 1 [-]

cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2023-10-05T17:47:43.394Z

Updated: 2023-10-05T17:47:43.394Z

Reserved: 2023-09-15T07:00:32.006Z

Link: CVE-2023-43072

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-05T18:15:12.463

Modified: 2023-10-06T17:55:43.053

Link: CVE-2023-43072

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43072", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-09-15T07:00:32.006Z", "datePublished": "2023-10-05T17:47:43.394Z", "dateUpdated": "2023-10-05T17:47:43.394Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Dell SmartFabric Storage Software", "vendor": "Dell", "versions": [{"status": "affected", "version": "v1.4.0 and prior"}]}], "datePublic": "2023-09-28T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.</span>\n\n"}], "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-10-05T17:47:43.394Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.\n\n"}, {"lang": "es", "value": "Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de control de acceso inadecuado en la CLI. Un atacante local posiblemente no autenticado podr\u00eda explotar esta vulnerabilidad, lo que permitir\u00eda ejecutar comandos de shell arbitrarios."}], "id": "CVE-2023-43072", "lastModified": "2023-10-06T17:55:43.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-10-05T18:15:12.463", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security_alert@emc.com", "type": "Primary"}]}