CVE-2023-23690

EPSS 0.07%
Published 19.01.2023 12:15:13
Last modified 21.11.2024 07:46:40
Source security_alert@emc.com
Teams watchlist Login
Open Login

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Cloud Mobility For Dell Emc Storage Version < 1.3.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.194

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
security_alert@emc.com	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-299 Improper Check for Certificate Revocation

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-23690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23690

EUVD