Details of VAR-202302-0030

ID

VAR-202302-0030

CVE

CVE-2023-23692

TITLE

Dell EMC DDOS In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-003005

DESCRIPTION

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23692 // JVNDB: JVNDB-2023-003005 // VULHUB: VHN-452168 // VULMON: CVE-2023-23692

AFFECTED PRODUCTS

vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.9.0.0	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	6.2.1.90	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.7.1	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.7.3	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.0.0.0	Trust: 1.0
vendor:	dell emc 旧 emc	model:	data domain オペレーティングシステム	scope:	eq	version:	-	Trust: 0.8
vendor:	dell emc 旧 emc	model:	data domain オペレーティングシステム	scope:	eq	version:	emc data domain operating system 7.9	Trust: 0.8

sources: JVNDB: JVNDB-2023-003005 // NVD: CVE-2023-23692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-23692
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2023-23692
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-003005
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-077
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-23692
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-003005
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-003005 // CNNVD: CNNVD-202302-077 // NVD: CVE-2023-23692 // NVD: CVE-2023-23692

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-452168 // JVNDB: JVNDB-2023-003005 // NVD: CVE-2023-23692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-077

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-077

PATCH

title:	DSA-2022-187	url:	https://www.dell.com/support/kbdoc/en-us/000201296/dsa-2022-187-dell-technologies-powerprotect-data-domain-security-update-for-multiple-third-party-component-vulnerabilities	Trust: 0.8
title:	Dell PowerProtect Data Domain Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224400	Trust: 0.6

sources: JVNDB: JVNDB-2023-003005 // CNNVD: CNNVD-202302-077

EXTERNAL IDS

db:	NVD	id:	CVE-2023-23692	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-003005	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-077	Trust: 0.6
db:	VULHUB	id:	VHN-452168	Trust: 0.1
db:	VULMON	id:	CVE-2023-23692	Trust: 0.1

sources: VULHUB: VHN-452168 // VULMON: CVE-2023-23692 // JVNDB: JVNDB-2023-003005 // CNNVD: CNNVD-202302-077 // NVD: CVE-2023-23692

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000201296/dsa-2022-187-dell-technologies-powerprotect-data-domain-security-update-for-multiple-third-party-component-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23692	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-23692/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-452168 // VULMON: CVE-2023-23692 // JVNDB: JVNDB-2023-003005 // CNNVD: CNNVD-202302-077 // NVD: CVE-2023-23692

SOURCES

db:	VULHUB	id:	VHN-452168
db:	VULMON	id:	CVE-2023-23692
db:	JVNDB	id:	JVNDB-2023-003005
db:	CNNVD	id:	CNNVD-202302-077
db:	NVD	id:	CVE-2023-23692

LAST UPDATE DATE

2024-08-14T13:42:06.404000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-452168	date:	2023-02-08T00:00:00
db:	VULMON	id:	CVE-2023-23692	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2023-003005	date:	2023-08-29T01:22:00
db:	CNNVD	id:	CNNVD-202302-077	date:	2023-02-09T00:00:00
db:	NVD	id:	CVE-2023-23692	date:	2023-11-07T04:07:52.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-452168	date:	2023-02-01T00:00:00
db:	VULMON	id:	CVE-2023-23692	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2023-003005	date:	2023-08-29T00:00:00
db:	CNNVD	id:	CNNVD-202302-077	date:	2023-02-01T00:00:00
db:	NVD	id:	CVE-2023-23692	date:	2023-02-01T13:15:09.640