Article Number: 000207533
DSA-2023-018: Dell PowerVault ME5 Security Update for a Client Desync Attack Vulnerability
Dell PowerVault ME5 remediation is available for a Client Desync Attack vulnerability that may be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2023-23691
Dell PV ME5 versions ME5.1.0.0.0 and ME5.1.0.1.0 contain a Client-side desync Vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Dell Technologies would like to thank Ken Pyle, Exploit Developer & Partner at Cyber/Graduate Professor at Chestnut Hill College for reporting this issue.
Revision History
Revision | Date | Description
1.0 | 2023-01-17 | Initial Release
2.0 | 2023-07-10 | Updated for enhanced presentation with no change to content