CVE-2023-23691
Published on: Not Yet Published
Last Modified on: 11/07/2023 04:07:00 AM UTC
Certain versions of Powervault Me5012 from Dell contain the following vulnerability:
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.
- CVE-2023-23691 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Dell - Dell PowerVault ME5 version = 0
CVSS3 Score: 8.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
CHANGED | LOW | LOW | HIGH |
CVE References
Description | Tags | Link |
---|---|---|
Access Denied | www.dell.com text/html Inactive Link, Not Archived | MISC www.dell.com/support/kbdoc/en-us/000207533/dsa-2023-018-dell-emc-powervault-me5-security-update-for-a-client-desync-attack-vulnerability |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Dell | Powervault Me5012 | - | All | All | All |
Operating System | Dell | Powervault Me5012 Firmware | All | All | All | All |
Hardware | Dell | Powervault Me5024 | - | All | All | All |
Operating System | Dell | Powervault Me5024 Firmware | All | All | All | All |
Hardware | Dell | Powervault Me5084 | - | All | All | All |
Operating System | Dell | Powervault Me5084 Firmware | All | All | All | All |
- cpe:2.3:h:dell:powervault_me5012:-:*:*:*:*:*:*:*:
- cpe:2.3:o:dell:powervault_me5012_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:dell:powervault_me5024:-:*:*:*:*:*:*:*:
- cpe:2.3:o:dell:powervault_me5024_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:dell:powervault_me5084:-:*:*:*:*:*:*:*:
- cpe:2.3:o:dell:powervault_me5084_firmware:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2023-23691 : Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability… twitter.com/i/web/status/1… | 2023-01-20 08:07:33 |