CVE-2023-44296: DSA-2023-419: Security Update for Mobility - E-Lab Navigator Vulnerabilities

Impact

High

Details

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-44296

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

8.4

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-44296

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

8.4

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed

Product

Affected Versions

Remediated Versions

Link

CVE-2023-44296

Mobility - E-Lab Navigator

Versions 3.1.8 and 3.1.9

Version 3.2.0

https://play.google.com/store/apps/details?id=com.emc.mobileapps.elabnavigator&pcampaignid=web_share

CVEs Addressed

Product

Affected Versions

Remediated Versions

Link

CVE-2023-44296

Mobility - E-Lab Navigator

Versions 3.1.8 and 3.1.9

Version 3.2.0

https://play.google.com/store/apps/details?id=com.emc.mobileapps.elabnavigator&pcampaignid=web_share

Acknowledgements

Dell Technologies would like to thank testingforbugs00 for reporting this issue.

Revision History

Revision

Date

Description

1.0

2023-11-15

Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide