CVE-2023-43074 - OpenCVE

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Unity Operating Environment Unityvsa Operating Environment Unity Xt Operating Environment

Configuration 1 [-]

OR	cpe:2.3:a:dell:unity_operating_environment::::::::
	cpe:2.3:a:dell:unity_xt_operating_environment::::::::
	cpe:2.3:a:dell:unityvsa_operating_environment::::::::

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2023-10-23T14:50:11.610Z

Updated: 2023-10-23T14:50:11.610Z

Reserved: 2023-09-15T07:00:32.006Z

Link: CVE-2023-43074

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-23T15:15:09.127

Modified: 2023-10-28T03:29:38.597

Link: CVE-2023-43074

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5", "versionEndExcluding": "5.3.0.0.5.120", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC", "versionEndExcluding": "5.3.0.0.5.120", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40", "versionEndExcluding": "5.3.0.0.5.120", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.\n\n"}, {"lang": "es", "value": "Dell Unity 5.3 contiene una vulnerabilidad de creaci\u00f3n arbitraria de archivos. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad creando archivos arbitrarios mediante una solicitud al servidor."}], "id": "CVE-2023-43074", "lastModified": "2023-10-28T03:29:38.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-10-23T15:15:09.127", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-73"}], "source": "security_alert@emc.com", "type": "Secondary"}]}