OS Command Injection Vulnerability in Dell VxRail by Dell
CVE-2023-23693

6.7 MEDIUM

Key Information:

Vendor
Dell
CVE Published:
23 May 2023

Summary

Dell VxRail versions prior to 7.0.450 contain an OS command injection vulnerability in the DCManager command-line utility. A local attacker with high privileges could exploit this vulnerability to execute arbitrary OS commands on the underlying operating system. Successful exploitation could allow the attacker to take control of the system.

Affected Version(s)

Dell VxRail HCI 7.0.x versions before 7.0.450

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
