OS Command Injection Vulnerability in Dell VxRail Manager
CVE-2023-23694

4.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Vxrail Hci
Vendor: CVE Published:; 23 May 2023

What is CVE-2023-23694?

Dell VxRail versions prior to 7.0.450 contain an OS command injection vulnerability in VxRail Manager. This vulnerability can be exploited by a local authenticated attacker to execute arbitrary OS commands on the underlying operating system with the application's privileges. Successful exploitation could allow an attacker to gain full control of the system.

Affected Version(s)

Dell VxRail HCI 7.0.x versions before 7.0.450

References

https://www.dell.com/support/kbdoc/en-us/000213011/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Jan 17, 2023