CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32485
https://notcve.org/view.php?id=CVE-2023-32485
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. Dell SmartFabric Storage Software versión 1.3 y anteriores contienen una vulnerabilidad de validación de entrada incorrecta. • https://www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43073
https://notcve.org/view.php?id=CVE-2023-43073
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de validación de entrada incorrecta en la configuración RADIUS. Un atacante remoto autenticado podría explotar esta vulnerabilidad y obtener acceso no autorizado a los datos. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43072
https://notcve.org/view.php?id=CVE-2023-43072
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de control de acceso inadecuado en la CLI. Un atacante local posiblemente no autenticado podría explotar esta vulnerabilidad, lo que permitiría ejecutar comandos de shell arbitrarios. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43071
https://notcve.org/view.php?id=CVE-2023-43071
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene posibles vulnerabilidades para la inyección de HTML o de fórmula CVS que podrían derivar en ataques de Cross-Site Scripting en páginas HTML en la GUI. Un atacante autenticado remotamente podría explotar estos problemas, lo que daría lugar a varios ataques de inyección. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43070
https://notcve.org/view.php?id=CVE-2023-43070
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de path traversal en la interfaz HTTP. Un atacante autenticado remoto podría explotar esta vulnerabilidad, lo que podría provocar la modificación o escritura de archivos arbitrarios en ubicaciones arbitrarias del contenedor de licencias. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •