Path Traversal Vulnerability in Dell SmartFabric Storage Software
CVE-2023-43070

6.3MEDIUM

Key Information:

Vendor: Dell
Status: Dell Smartfabric Storage Software
Vendor: CVE Published:; 5 October 2023

Summary

Dell SmartFabric Storage Software v1.4 and earlier versions have a path traversal vulnerability in its HTTP interface. This allows a remote authenticated attacker to exploit the flaw and potentially write arbitrary files to unauthorized locations within the license container, posing risks to the integrity of the system and its data.

Affected Version(s)

Dell SmartFabric Storage Software v1.4.0 and prior

References

https://www.dell.com/support/kbdoc/en-us/000218107/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 15, 2023