DSA-2023-019: Dell Cloud Mobility Security Update for Certificate Revocation Vulnerability
Summary: Dell Cloud Mobility remediation is available for certificate revocation vulnerability that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-23690 | Cloud Mobility for Dell Storage versions 1.3.0.X and earlier contain an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker may perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation may lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices. | 7.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-23690 | Cloud Mobility for Dell Storage versions 1.3.0.X and earlier contain an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker may perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation may lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices. | 7.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-23690 | Cloud Mobility for Dell Storage | Versions 1.3.3.X and earlier | 1.3.4.0 | AWS: https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk VMware: https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-23690 | Cloud Mobility for Dell Storage | Versions 1.3.3.X and earlier | 1.3.4.0 | AWS: https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk VMware: https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true |
NOTE: Customers should only use the latest versions of Cloud Mobility for Dell Storage on the AWS or VMware Marketplaces. We recommend downloading the newest versions of Cloud Mobility for Dell Storage to obtain a fix for this issue.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-01-17 | Initial Release |
| 2.0 | 2023-07-10 | Updated for enhanced presentation with not change to content |
Related Information
Legal Disclaimer
Article Properties
Article Number: 000207521
Article Type: Dell Security Advisory
Last Modified: 10 Jul 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.