Vulnerabilities > CVE-2023-48661 - Files or Directories Accessible to External Parties vulnerability in Dell products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-552

NVD

Published: 2023-12-14

Updated: 2023-12-19

Summary

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Powermax OS 5978	1
Application	Dell Dell Unisphere FOR Powermax Virtual Appliance - Dell Unisphere FOR Powermax Virtual Appliance 9.2.3.22 Dell Solutions Enabler Virtual Appliance - Dell Solutions Enabler Virtual Appliance 9.2.3.6	5

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities