Vulnerabilities > CVE-2023-32465 - Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Dell Powerprotect Cyber Recovery

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dell

CWE-644

NVD

Published: 2023-06-14

Updated: 2023-06-27

Summary

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Powerprotect Cyber Recovery 19.4 Dell Powerprotect Cyber Recovery 19.5 Dell Powerprotect Cyber Recovery 19.6 Dell Powerprotect Cyber Recovery 19.7 Dell Powerprotect Cyber Recovery 19.8 Dell Powerprotect Cyber Recovery 19.9 Dell Powerprotect Cyber Recovery 19.10 Dell Powerprotect Cyber Recovery 19.11 Dell Powerprotect Cyber Recovery 19.11.0.2 Dell Powerprotect Cyber Recovery 19.13.0.2	10

Common Weakness Enumeration (CWE)

CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

References

https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery