Sign-up

ID

VAR-202301-1557


CVE

CVE-2023-23690


TITLE

Cloud Mobility for Dell EMC Storage  Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002234

DESCRIPTION

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23690 // JVNDB: JVNDB-2023-002234 // VULHUB: VHN-452166 // VULMON: CVE-2023-23690

AFFECTED PRODUCTS

vendor:dellmodel:cloud mobility for dell emc storagescope:ltversion:1.3.4.0

Trust: 1.0

vendor:デルmodel:cloud mobility for dell emc storagescope:eqversion: -

Trust: 0.8

vendor:デルmodel:cloud mobility for dell emc storagescope:lteversion:1.3.0.x and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2023-002234 // NVD: CVE-2023-23690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23690
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2023-23690
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-002234
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-1515
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-23690
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 4.7
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002234
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002234 // CNNVD: CNNVD-202301-1515 // NVD: CVE-2023-23690 // NVD: CVE-2023-23690

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-299

Trust: 1.0

problemtype:Illegal certificate verification (CWE-295) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-452166 // JVNDB: JVNDB-2023-002234 // NVD: CVE-2023-23690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1515

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-1515

PATCH

title:DSA-2023-019url:https://www.dell.com/support/kbdoc/ja-jp/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability

Trust: 0.8

title:Dell EMC Storage Repair measures for trust management problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=222614

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2023-23690

Trust: 0.1

sources: VULMON: CVE-2023-23690 // JVNDB: JVNDB-2023-002234 // CNNVD: CNNVD-202301-1515

EXTERNAL IDS

db:NVDid:CVE-2023-23690

Trust: 3.4

db:JVNDBid:JVNDB-2023-002234

Trust: 0.8

db:CNNVDid:CNNVD-202301-1515

Trust: 0.6

db:VULHUBid:VHN-452166

Trust: 0.1

db:VULMONid:CVE-2023-23690

Trust: 0.1

sources: VULHUB: VHN-452166 // VULMON: CVE-2023-23690 // JVNDB: JVNDB-2023-002234 // CNNVD: CNNVD-202301-1515 // NVD: CVE-2023-23690

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23690

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-23690/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2023-23690

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-452166 // VULMON: CVE-2023-23690 // JVNDB: JVNDB-2023-002234 // CNNVD: CNNVD-202301-1515 // NVD: CVE-2023-23690

SOURCES

db:VULHUBid:VHN-452166
db:VULMONid:CVE-2023-23690
db:JVNDBid:JVNDB-2023-002234
db:CNNVDid:CNNVD-202301-1515
db:NVDid:CVE-2023-23690

LAST UPDATE DATE

2024-08-14T14:55:00.509000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-452166date:2023-01-27T00:00:00
db:VULMONid:CVE-2023-23690date:2023-01-19T00:00:00
db:JVNDBid:JVNDB-2023-002234date:2023-06-27T08:15:00
db:CNNVDid:CNNVD-202301-1515date:2023-01-28T00:00:00
db:NVDid:CVE-2023-23690date:2023-11-07T04:07:52.187

SOURCES RELEASE DATE

db:VULHUBid:VHN-452166date:2023-01-19T00:00:00
db:VULMONid:CVE-2023-23690date:2023-01-19T00:00:00
db:JVNDBid:JVNDB-2023-002234date:2023-06-27T00:00:00
db:CNNVDid:CNNVD-202301-1515date:2023-01-19T00:00:00
db:NVDid:CVE-2023-23690date:2023-01-19T12:15:13.623