CVE-2023-23690

EPSS 0.07%
Veröffentlicht 19.01.2023 12:15:13
Zuletzt bearbeitet 21.11.2024 07:46:40
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Cloud Mobility For Dell Emc Storage Version < 1.3.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.194

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
security_alert@emc.com	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-299 Improper Check for Certificate Revocation

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-23690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23690

EUVD