Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
28 Jun 2023, 15:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities - Patch, Vendor Advisory | |
CPE | cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:* cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Dell powerstore 500t
Dell Dell powerstore 3200t Dell powerstore 7000t Dell powerstore 1000t Dell powerstore 3000t Dell powerstore 9200t Dell powerstore 5200t Dell powerstoret Os Dell powerstore 9000t Dell powerstore 1200t Dell powerstore 5000t |
22 Jun 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-22 07:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-32449
Mitre link : CVE-2023-32449
CVE.ORG link : CVE-2023-32449
JSON object : View
Products Affected
dell
- powerstore_5200t
- powerstore_9000t
- powerstore_7000t
- powerstore_5000t
- powerstore_1200t
- powerstore_3200t
- powerstore_3000t
- powerstore_500t
- powerstore_9200t
- powerstore_1000t
- powerstoret_os
CWE
CWE-347
Improper Verification of Cryptographic Signature