Dell ESI Vulnerability Could Lead to Admin-Level Credentials
CVE-2023-39245

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Esi (enterprise Storage Integrator) For SAP Lama
Vendor: CVE Published:; 15 February 2024

What is CVE-2023-39245?

A vulnerability within the DELL Enterprise Storage Integrator (ESI) for SAP LAMA, specifically in the EHAC component, allows for potential information disclosure. An unauthenticated remote attacker may exploit this flaw by eavesdropping on the network traffic, which could lead to the exposure of sensitive admin-level credentials. This poses a significant risk to organizations using this product, necessitating immediate attention to potential security measures and updates.

Affected Version(s)

ESI (Enterprise Storage Integrator) for SAP LAMA 0

References

https://www.dell.com/support/kbdoc/en-us/000216654/dsa-20...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2024
Vulnerability Reserved
Jul 26, 2023