Improper Verification of Cryptographic Signature in Dell ECS
CVE-2023-25934

7.5HIGH

Key Information:

Vendor: Dell
Status: Ecs
Vendor: CVE Published:; 4 May 2023

What is CVE-2023-25934?

Dell ECS versions prior to 3.8.0.2 are affected by a vulnerability that allows an attacker on the network to intercept requests. This improper verification of cryptographic signatures can let the attacker modify the body data of these requests, potentially leading to unauthorized access or manipulation of data. Organizations using affected versions are advised to update to the latest release to mitigate this security risk.

Affected Version(s)

ECS Version<= 3.8.0.1

References

https://www.dell.com/support/kbdoc/en-us/000212970/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2023
Vulnerability Reserved
Feb 17, 2023