Vulnerabilities > CVE-2023-43067 - XXE vulnerability in Dell products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-611

NVD

Published: 2023-10-23

Updated: 2023-10-28

Summary

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Unity Operating Environment - Dell Unity Operating Environment 5.0.7.0.5.008 Dell Unity Operating Environment 5.2.0.0.5.173 Dell Unity XT Operating Environment - Dell Unity XT Operating Environment 5.0.7.0.5.008 Dell Unity XT Operating Environment 5.2.0.0.5.173 Dell Unityvsa Operating Environment - Dell Unityvsa Operating Environment 5.0.7.0.5.008 Dell Unityvsa Operating Environment 5.2.0.0.5.173	9

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities