Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
Summary | Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS. |
01 Feb 2023, 15:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:dell:powervault_me5084:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powervault_me5012:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powervault_me5024:-:*:*:*:*:*:*:* cpe:2.3:o:dell:powervault_me5084_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:powervault_me5024_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:powervault_me5012_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Dell powervault Me5012 Firmware
Dell powervault Me5024 Firmware Dell powervault Me5024 Dell powervault Me5084 Dell powervault Me5084 Firmware Dell powervault Me5012 Dell |
|
CWE | CWE-444 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://www.dell.com/support/kbdoc/en-us/000207533/dsa-2023-018-dell-emc-powervault-me5-security-update-for-a-client-desync-attack-vulnerability - Vendor Advisory |
20 Jan 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-20 08:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23691
Mitre link : CVE-2023-23691
CVE.ORG link : CVE-2023-23691
JSON object : View
Products Affected
dell
- powervault_me5024
- powervault_me5024_firmware
- powervault_me5012_firmware
- powervault_me5084_firmware
- powervault_me5084
- powervault_me5012
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')