Multiple vulnerabilities in Dell Container Storage Modules



| Updated: 2023-09-18
Risk High
Patch available YES
Number of vulnerabilities 39
CVE-ID CVE-2023-0286
CVE-2023-28842
CVE-2023-0361
CVE-2021-44568
CVE-2021-42694
CVE-2018-20657
CVE-2019-14250
CVE-2022-27943
CVE-2023-0215
CVE-2022-4304
CVE-2023-28840
CVE-2022-3715
CVE-2021-3826
CVE-2017-14501
CVE-2017-14166
CVE-2022-4450
CVE-2019-19244
CVE-2019-9936
CVE-2019-9937
CVE-2023-28841
CVE-2022-3219
CVE-2022-27191
CVE-2023-29400
CVE-2023-24539
CVE-2023-2253
CVE-2023-27561
CVE-2022-41723
CVE-2023-28642
CVE-2023-25809
CVE-2022-32149
CVE-2022-28391
CVE-2022-29526
CVE-2022-29162
CVE-2023-23916
CVE-2022-35252
CVE-2022-43552
CVE-2022-41973
CVE-2019-8905
CVE-2019-8906
CWE-ID CWE-843
CWE-420
CWE-326
CWE-787
CWE-20
CWE-401
CWE-190
CWE-400
CWE-416
CWE-208
CWE-122
CWE-119
CWE-125
CWE-415
CWE-476
CWE-311
CWE-327
CWE-79
CWE-399
CWE-284
CWE-281
CWE-78
CWE-264
CWE-770
CWE-61
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #38 is available.
Public exploit code for vulnerability #39 is available.
Vulnerable software
Dell EMC Container Storage Modules
Client/Desktop applications / Software for system administration

Vendor Dell

Security Bulletin

This security bulletin contains information about 39 vulnerabilities.

1) Type Confusion

EUVDB-ID: #VU71992

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0286

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Unprotected Alternate Channel

EUVDB-ID: #VU74469

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28842

CWE-ID: CWE-420 - Unprotected Alternate Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Inadequate Encryption Strength

EUVDB-ID: #VU72125

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0361

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error in the TLS RSA key exchange. A remote attacker can perform Bleichenbacher oracle attack and decrypt information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU66439

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44568

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input within the resolve_dependencies() function at src/solver.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU57849

Risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-42694

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows an attacker to bypass certain security checks.

The vulnerability exists in the character definitions of the Unicode Specification. The specification allows an attacker to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Memory leak

EUVDB-ID: #VU16808

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20657

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the demangle_template function in cplus-dem.c in GNU libiberty. A remote attacker can trigger a memory leak via a crafted string and perform denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU19616

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14250

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in simple_object_elf_match() function in simple-object-elf.c. A remote attacker can use a specially crFted ELF file to trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU72528

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27943

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within demangle_const in libiberty/rust-demangle.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU71995

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0215

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU71993

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4304

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.

To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Unprotected Alternate Channel

EUVDB-ID: #VU74468

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28840

CWE-ID: CWE-420 - Unprotected Alternate Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Heap-based buffer overflow

EUVDB-ID: #VU71454

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3715

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in valid_parameter_transform() function in GNU bash. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU72527

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3826

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the dlang_lname() function in d-demangle.c in libiberty. A local user can perform a denial of service (DoS) attack via a crafted mangled symbol.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU15818

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14501

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read condition in the parse_file_info function, as defined in the archive_read_support_format_iso9660.c source code file when extracting ISO 9660 files. A remote attacker can trick the victim into extracting an ISO 9660 file that submits malicious input and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer over-read

EUVDB-ID: #VU15952

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14166

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in libarchive 3.3.2. A remote attacker can trigger xml_data heap-based buffer over-read and application crash via a specially crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Double Free

EUVDB-ID: #VU71996

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4450

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU23190

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage in select.c . A remote attacker can crash the affected application using a specially crafted SQL query.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU18059

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9936

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the fts5HashEntrySort in sqlite3.c when running fts5 prefix queries inside a transaction. A remote user with ability to send queries can trigger heap-based buffer over-read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU18060

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9937

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error when processing interleaving reads and writes in a single transaction with an fts5 virtual table in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Missing Encryption of Sensitive Data

EUVDB-ID: #VU74467

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28841

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing encryption of sensitive data within the overlay network driver. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU79272

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3219

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. A remote attacker can send a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU62039

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27191

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Cross-site scripting

EUVDB-ID: #VU75792

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29400

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing HTML attributes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Cross-site scripting

EUVDB-ID: #VU75790

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24539

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling angle brackets in CSS context. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU75993

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2253

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote attacker can send specially crafted requests to the "/v2/_catalog" API endpoint and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper access control

EUVDB-ID: #VU74190

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27561

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource exhaustion

EUVDB-ID: #VU72686

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41723

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper Preservation of Permissions

EUVDB-ID: #VU74193

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28642

CWE-ID: CWE-281 - Improper preservation of permissions

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper preservation of permissions in the AppArmor and SELinux when /proc inside the container is symlinked with a specific mount configuration. A remote attacker can gain access to the target application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper Preservation of Permissions

EUVDB-ID: #VU74189

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25809

CWE-ID: CWE-281 - Improper preservation of permissions

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the rootless "/sys/fs/cgroup" is writable when cgroupns is not unshared. A local administrator can gain the write access to user-owned cgroup hierarchy "/sys/fs/cgroup/user.slice/..." on the host.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Resource exhaustion

EUVDB-ID: #VU68897

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32149

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) OS Command Injection

EUVDB-ID: #VU65004

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28391

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation of DNS PTR records output within the netstat utility if executed on VT compatible terminal. A remote attacker can trick the victim to run the netstat command after initiating a connection to the system and execute arbitrary OS commands on the target system with privileges of the user running the netstat command.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63173

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29526

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63090

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29162

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to containers are incorrectly started with non-empty inheritable Linux process capabilities, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU72337

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23916

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU66881

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-35252

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU70456

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43552

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) UNIX symbolic link following

EUVDB-ID: #VU68723

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41973

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Stack out-of-bounds read

EUVDB-ID: #VU17821

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-8905

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to stack-based buffer over-read in the do_core_note function, related to file_printable. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the file command, trigger memory corruption and gain access to arbitrary data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

39) Out-of-bounds read

EUVDB-ID: #VU17823

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-8906

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in the do_core_note function. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the file command, trigger memory corruption and gain access to arbitrary data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Container Storage Modules: before 1.7

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000215527/dsa-2023-245-dell-container-storage-modules-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###