Headline
CVE-2023-23691: DSA-2023-018: Dell PowerVault ME5 Security Update for a Client Desync Attack Vulnerability
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim’s browser to desynchronize its connection with the website, typically leading to XSS and DoS.
Article Content
Impact
High
Details
Proprietary Code CVEs: CVE-2023-23691
Description: Dell PV ME5 versions ME5.1.0.0.0 and ME5.1.0.1.0 contain a Client-side desync Vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to force a victim’s browser to desynchronize its connection with the website, typically leading to XSS and DoS.
CVSS Base Score: 8.1
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
Product: ME5012, ME5024, and ME5084
Affected Versions: Versions before ME5.1.1.0.5
Updated Versions: ME5.1.1.0.5
Acknowledgements
Dell Technologies would like to thank KEN PYLE, EXPLOIT DEVELOPER & PARTNER AT CYBIR / GRADUATE PROFESSOR AT CHESTNUT HILL COLLEGE for reporting this issue.
Revision History
Revision: 1.0
Date: 2023-01-17
Description: Initial Release
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Article Properties
Affected Product
PowerVault MD Storage Arrays Management Pack Versions for Microsoft System Center Operations, PowerVault, MD Series, ME Series, NX Series, Tape Backup & Recovery, PowerVault MD Storage Arrays Management Pack , Dell MD Storage Array Management Pack Suite Version 5.0 For Microsoft System Center Operations, Dell MD Storage Arrays Management Pack Suite v6.0 for Microsoft System Center Operations Manager, Dell MD Storage Arrays Management Pack Suite v6.1 for Microsoft System Center Operations Manager, Dell PowerVault MD Storage Arrays Management Pack Version 4.0 for Microsoft System Center Oper Mangr, Dell PowerVault MD Storage Arrays Management Pack Version 4.1 for Microsoft System Center Oper Mngr, Dell PowerVault MD3000 with Red Hat Enterprise Linux HA Clusters, Dell PowerVault MD3000 with Windows HA Clusters, Dell PowerVault MD3000i with Windows HA Clusters, Dell PowerVault MD3200/MD3220-Windows HA Cluster, Dell PowerVault MD3200i and MD3220i with Windows HA Clusters, Dell PowerVault MD3600f/3620f Windows HA Cluster, Dell PowerVault MD3600i/3620i Windows HA Cluster, Dell EMC ML3, Dell PowerVault OEM Ready MD34XX and MD38XX, PowerVault 100T DAT72, PowerVault 100T DDS3 (Tape Drive), PowerVault 100T TR40, PowerVault 110T DLT7000 (Tape Drive), 110T DLT1 Drive, 110T DLT4000 Cartridge Tape Subsystem, PowerVault 110T LTO2-L, PowerVault 110T LTO3, PowerVault 110T VS160, PowerVault 110T DLT VS80 (Tape Drive), PowerVault 112T 1U (Tape Enclosure), PowerVault 114X Tape Rack Enclosure, PowerVault 120T DDS4 (Autoloader), PowerVault 120T DLT4000 (Autoloader), PowerVault 120T DLT7000 (Autoloader), PowerVault 122T DLT VS80 (Autoloader), PowerVault 124T, PowerVault 130T DLT (Tape Library), PowerVault 210S (SCSI), PowerVault 211S (SCSI), PowerVault 220S (SCSI), PowerVault 221S (SCSI), PowerVault 224F (Fibre Channel Expansion), PowerVault 250F (Fibre Channel), PowerVault 251F (Fibre Channel), PowerVault 35F (Fibre Channel Bridge), PowerVault 50F (Fibre Channel Switch), PowerVault 51F 
(8P Fibre Channel Switch), PowerVault 530F (SAN Appliance), PowerVault 56F (16P Fibre Channel Switch), PowerVault 57F, PowerVault 630F (Fibre Channel Expansion), PowerVault 650F (Fibre Channel RAID), PowerVault 651F (Fibre Channel), PowerVault 660F (Fibre Channel RAID), PowerVault 700N, PowerVault 701N (Deskside NAS Appliance), PowerVault 715N (Rackmount NAS Appliance), PowerVault 725N (Rackmount NAS Appliance), PowerVault 735N (Rackmount NAS Appliance), PowerVault 745N, PowerVault 750N (Deskside NAS Appliance), PowerVault 755N (Rackmount NAS Appliance), PowerVault 770N (Deskside NAS Appliance), PowerVault 775N (Rackmount NAS Appliance), PowerVault 720N, 740N, and 760N (Filers), PowerVault 120T DDS3 (Autoloader), Dell DL1000, PowerVault DL2000, PowerVault DL2100, PowerVault DL2200 CommVault, PowerVault DL2200, Powervault DL2300, Dell DL4000, PowerVault 120T DLT1 (Autoloader), PowerVault DP100, PowerVault DP500, PowerVault DP600, Dell DR2000v, Dell DR4100, Dell DR6000, PowerVault DX6104, PowerVault DX6112, PowerVault 100T (IDE Tape Drive), POWER VAULT 114X LTO5 140, PowerVault 110T LTO (Tape Drive), PowerVault 122T LTO (Autoloader), PowerVault 128T LTO/SDLT (Tape Library), PowerVault 132T LTO/SDLT (Tape Library), PowerVault 136T LTO/SDLT (Tape Library), PowerVault 110T LTO2 (Tape Drive), PowerVault 122T LTO2 (Autoloader), PowerVault 160T LTO2 (Tape Library), PowerVault LTO3-060, PowerVault LTO3-080, PowerVault LTO4-120HH, PowerVault LTO5-140, Powervault LTO6, PowerVault LTO7, PowerVault LTO8, PowerVault LTO9, PowerVault 200S (SCSI), PowerVault 201S (SCSI), PowerVault MD1000, PowerVault MD1120, PowerVault MD1200, PowerVault MD1220, PowerVault MD3000, PowerVault MD3000i, PowerVault MD3060e, PowerVault MD3200, PowerVault MD3200i, PowerVault MD3220, PowerVault MD3220i, PowerVault MD3260, PowerVault MD3260i, PowerVault MD3400, PowerVault MD3420, PowerVault MD3460, PowerVault MD3600f, PowerVault MD3600i, PowerVault MD3620f, PowerVault MD3620i, PowerVault MD3660f, 
PowerVault MD3660i, PowerVault MD3800f, PowerVault MD3800i, PowerVault MD3820f, PowerVault MD3820i, PowerVault MD3860f, PowerVault MD3860i, Dell EMC PowerVault ME4012, Dell EMC PowerVault ME4024, Dell EMC PowerVault ME4084, Dell EMC PowerVault ME412 Expansion, Dell EMC PowerVault ME424 Expansion, Dell EMC PowerVault ME484, PowerVault ME5012, PowerVault ME5024, PowerVault ME5084, PowerVault ML6000, PowerVault NF100, PowerVault NF500, PowerVault NF600, PowerVault NX1950, PowerVault NX200, PowerVault NX300, PowerVault NX3000, PowerVault NX3100, PowerVault NX3200, PowerVault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, PowerVault RD1000, PowerVault Storage Area Network (SAN), PowerVault 110T SDLT220 (Tape Drive), PowerVault 110T SDLT320 (Tape Drive), PowerVault 122T SDLT 320 (Autoloader), PowerVault TL2000, PowerVault TL4000, Product Security Information, Dell Storage MD1280, Dell Storage MD1400, Dell Storage MD1420, Dell Storage NX3230, Dell EMC Storage NX3240, Dell Storage NX3330, Dell EMC Storage NX3340, Dell Storage NX430, Dell EMC NX440, PowerVault TL1000 …
Last Published Date
18 Jan 2023
Version
2
Article Type
Dell Security Advisory