CVE-2023-32465

EPSS 0.12%
Published 14.06.2023 14:15:09
Last modified 21.11.2024 08:03:24
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Powerprotect Cyber Recovery Version >= 19.4 <= 19.13.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.328

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32465

EUVD