Headline
CVE-2023-23690: DSA-2023-019: Dell Cloud Mobility Security Update for Certificate Revocation Vulnerability
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
Vaikutus
High
Tiedot
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2023-23690
Cloud Mobility for Dell Storage versions 1.3.0.X and earlier contain an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker may perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation may lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2023-23690
Cloud Mobility for Dell Storage versions 1.3.0.X and earlier contain an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker may perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation may lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
CVE Addressed
Product
Affected Versions
Updated Version
Link to Update
CVE-2023-23690
Cloud Mobility for Dell Storage
Versions 1.3.3.X and earlier
1.3.4.0
AWS:
https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk
VMware:
https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true
Note: Customers should only use the latest versions of Cloud Mobility for Dell Storage on the AWS or VMware Marketplaces. We recommend downloading the newest versions of Cloud Mobility for Dell Storage to obtain a fix for this issue.
CVE Addressed
Product
Affected Versions
Updated Version
Link to Update
CVE-2023-23690
Cloud Mobility for Dell Storage
Versions 1.3.3.X and earlier
1.3.4.0
AWS:
https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk
VMware:
https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true
Note: Customers should only use the latest versions of Cloud Mobility for Dell Storage on the AWS or VMware Marketplaces. We recommend downloading the newest versions of Cloud Mobility for Dell Storage to obtain a fix for this issue.
Versiohistoria
Revision
Date
Description
1.0
2023-01-17
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Cloud Mobility, Cloud Mobility for Dell EMC Storage, Product Security Information
17 tammik. 2023