OS Command Injection Vulnerability in Dell SmartFabric Storage Software
CVE-2023-4401

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Smartfabric Storage Software
Vendor: CVE Published:; 5 October 2023

Summary

Dell SmartFabric Storage Software versions 1.4 and earlier are affected by an OS command injection vulnerability in the command-line interface (CLI) usage of the 'more' command. An authenticated attacker—either local or remote—may leverage this vulnerability to execute arbitrary commands on the underlying operating system, potentially gaining root privileges and compromising the integrity and security of the affected system. It's crucial for users to apply security updates to mitigate this risk and protect their data.

Affected Version(s)

Dell SmartFabric Storage Software v1.4.0 and prior

References

https://www.dell.com/support/kbdoc/en-us/000218107/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Aug 17, 2023