CVE-2023-32465

EPSS 0.12%
Veröffentlicht 14.06.2023 14:15:09
Zuletzt bearbeitet 21.11.2024 08:03:24
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Powerprotect Cyber Recovery Version >= 19.4 <= 19.13.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.328

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32465

EUVD