Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2023-018: Dell PowerVault ME5 Security Update for a Client Desync Attack Vulnerability

Summary: Dell PowerVault ME5 remediation is available for a Client Desync Attack vulnerability that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-23691 Dell PV ME5 versions ME5.1.0.0.0 and ME5.1.0.1.0 contain a Client-side desync Vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-23691 Dell PV ME5 versions ME5.1.0.0.0 and ME5.1.0.1.0 contain a Client-side desync Vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link
PowerVault ME5012 Versions prior to ME5.1.1.0.5 ME5.1.1.0.5 https://www.dell.com/support/home/product-support/product/powervault-me5012/drivers
PowerVault ME5024 Versions prior to ME5.1.1.0.5 ME5.1.1.0.5 https://www.dell.com/support/home/product-support/product/powervault-me5024/drivers
PowerVault ME5084 Versions prior to ME5.1.1.0.5 ME5.1.1.0.5 https://www.dell.com/support/home/product-support/product/powervault-me5024/overview
Product Affected Versions Updated Versions Link
PowerVault ME5012 Versions prior to ME5.1.1.0.5 ME5.1.1.0.5 https://www.dell.com/support/home/product-support/product/powervault-me5012/drivers
PowerVault ME5024 Versions prior to ME5.1.1.0.5 ME5.1.1.0.5 https://www.dell.com/support/home/product-support/product/powervault-me5024/drivers
PowerVault ME5084 Versions prior to ME5.1.1.0.5 ME5.1.1.0.5 https://www.dell.com/support/home/product-support/product/powervault-me5024/overview

Revision History

RevisionDateDescription
1.02023-01-17Initial Release
2.02023-07-10Updated for enhanced presentation with no change to content

Acknowledgements

Dell Technologies would like to thank Ken Pyle, Exploit Developer & Partner at Cyber/Graduate Professor at Chestnut Hill College for reporting this issue.
 

Related Information

Affected Products

PowerVault, MD Series, ME Series, NX Series, Tape Backup & Recovery, PowerVault MD Storage Arrays Management Pack, Dell MD Storage Array Management Pack Suite Version 5.0 For Microsoft System Center Operations , Dell MD Storage Arrays Management Pack Suite v6.0 for Microsoft System Center Operations Manager, Dell MD Storage Arrays Management Pack Suite v6.1 for Microsoft System Center Operations Manager, Dell PowerVault MD Storage Arrays Management Pack Version 4.0 for Microsoft System Center Oper Mangr, Dell PowerVault MD Storage Arrays Management Pack Version 4.1 for Microsoft System Center Oper Mngr, Dell PowerVault MD3000 with Red Hat Enterprise Linux HA Clusters, Dell PowerVault MD3000 with Windows HA Clusters, Dell PowerVault MD3000i with Windows HA Clusters, Dell PowerVault MD3200/MD3220-Windows HA Cluster, Dell PowerVault MD3200i and MD3220i with Windows HA Clusters, Dell PowerVault MD3600f/3620f Windows HA Cluster, Dell PowerVault MD3600i/3620i Windows HA Cluster, Dell EMC ML3, Dell PowerVault OEM Ready MD34XX and MD38XX, PowerVault 100T DAT72, PowerVault 100T DDS3 (Tape Drive), PowerVault 100T TR40, PowerVault 110T DLT7000 (Tape Drive), 110T DLT1 Drive, 110T DLT4000 Cartridge Tape Subsystem, PowerVault 110T LTO2-L, PowerVault 110T LTO3, PowerVault 110T VS160, PowerVault 110T DLT VS80 (Tape Drive), PowerVault 112T 1U (Tape Enclosure), PowerVault 114X Tape Rack Enclosure, PowerVault 120T DDS4 (Autoloader), PowerVault 120T DLT4000 (Autoloader), PowerVault 120T DLT7000 (Autoloader), PowerVault 122T DLT VS80 (Autoloader), PowerVault 124T, PowerVault 130T DLT (Tape Library), PowerVault 210S (SCSI), PowerVault 211S (SCSI), PowerVault 220S (SCSI), PowerVault 221S (SCSI), PowerVault 224F (Fibre Channel Expansion), PowerVault 250F (Fibre Channel), PowerVault 251F (Fibre Channel), PowerVault 35F (Fibre Channel Bridge), PowerVault 50F (Fibre Channel Switch), PowerVault 51F (8P Fibre Channel Switch), PowerVault 530F (SAN Appliance), PowerVault 56F (16P Fibre Channel Switch), PowerVault 57F, PowerVault 630F (Fibre Channel Expansion), PowerVault 650F (Fibre Channel RAID), PowerVault 651F (Fibre Channel), PowerVault 660F (Fibre Channel RAID), PowerVault 700N, PowerVault 701N (Deskside NAS Appliance), PowerVault 715N (Rackmount NAS Appliance), PowerVault 725N (Rackmount NAS Appliance), PowerVault 735N (Rackmount NAS Appliance), PowerVault 745N, PowerVault 750N (Deskside NAS Appliance), PowerVault 755N (Rackmount NAS Appliance), PowerVault 770N (Deskside NAS Appliance), PowerVault 775N (Rackmount NAS Appliance), PowerVault 720N, 740N, and 760N (Filers), PowerVault 120T DDS3 (Autoloader), Dell DL1000, PowerVault DL2000, PowerVault DL2100, PowerVault DL2200 CommVault, PowerVault DL2200, Powervault DL2300, Dell DL4000, PowerVault 120T DLT1 (Autoloader), PowerVault DP100, PowerVault DP500, PowerVault DP600, Dell DR2000v, Dell DR4100, Dell DR6000, PowerVault DX6104, PowerVault DX6112, PowerVault 100T (IDE Tape Drive), POWER VAULT 114X LTO5 140, PowerVault 110T LTO (Tape Drive), PowerVault 122T LTO (Autoloader), PowerVault 128T LTO/SDLT (Tape Library), PowerVault 132T LTO/SDLT (Tape Library), PowerVault 136T LTO/SDLT (Tape Library), PowerVault 110T LTO2 (Tape Drive), PowerVault 122T LTO2 (Autoloader), PowerVault 160T LTO2 (Tape Library), PowerVault LTO3-060, PowerVault LTO3-080, PowerVault LTO4-120HH, PowerVault LTO5-140, Powervault LTO6, PowerVault LTO7, PowerVault LTO8, PowerVault LTO9, PowerVault 200S (SCSI), PowerVault 201S (SCSI), PowerVault MD1000, PowerVault MD1120, PowerVault MD1200, PowerVault MD1220, PowerVault MD3000, PowerVault MD3000i, PowerVault MD3060e, PowerVault MD3200, PowerVault MD3200i, PowerVault MD3220, PowerVault MD3220i, PowerVault MD3260, PowerVault MD3260i, PowerVault MD3400, PowerVault MD3420, PowerVault MD3460, PowerVault MD3600F, PowerVault MD3600i, PowerVault MD3620F, PowerVault MD3620i, PowerVault MD3660f, PowerVault MD3660i, PowerVault MD3800f, PowerVault MD3800i, PowerVault MD3820f, PowerVault MD3820i, PowerVault MD3860f, PowerVault MD3860i, Dell EMC PowerVault ME4012, Dell EMC PowerVault ME4024, Dell EMC PowerVault ME4084, Dell EMC PowerVault ME412 Expansion, Dell EMC PowerVault ME424 Expansion, Dell EMC PowerVault ME484, PowerVault ME5012, PowerVault ME5024, PowerVault ME5084, PowerVault ML6000, PowerVault NF100, PowerVault NF500, PowerVault NF600, PowerVault NX1950, PowerVault NX200, PowerVault NX300, PowerVault NX3000, PowerVault NX3100, Powervault NX3200, Powervault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, PowerVault RD1000, PowerVault Storage Area Network (SAN), PowerVault 110T SDLT220 (Tape Drive), PowerVault 110T SDLT320 (Tape Drive), PowerVault 122T SDLT 320 (Autoloader), PowerVault TL2000, PowerVault TL4000, Dell Storage MD1280, Dell Storage MD1400, Dell Storage MD1420, Dell Storage NX3230, Dell EMC Storage NX3240, Dell Storage NX3330, Dell EMC Storage NX3340, Dell Storage NX430, Dell EMC NX440, PowerVault TL1000 ...
Article Properties
Article Number: 000207533
Article Type: Dell Security Advisory
Last Modified: 10 Jul 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.