DSA-2023-283: Security Update for Dell SmartFabric Storage Software Vulnerabilities
요약: Dell SmartFabric Storage Software remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32485 | Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32485 | Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
영향을 받는 제품 및 문제 해결
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-32485 | Dell SmartFabric Storage Software | Versions before 1.4.0 | 1.4.0 | https://www.dell.com/support |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-32485 | Dell SmartFabric Storage Software | Versions before 1.4.0 | 1.4.0 | https://www.dell.com/support |
해결 방법 및 완화 방안
none
개정 내역
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-08-08 | Initial Release |
| 2.0 | 2023-10-05 | Major Revision: added relevant URL to the CVEand modified minor formatting without content change. |
관련 정보
법적 고지 사항
해당 제품
SmartFabric Storage Software for NVMe/TCP SAN, SmartFabric Storage Software Download for NVMe/TCP SAN문서 속성
문서 번호: 000216587
문서 유형: Dell Security Advisory
마지막 수정 시간: 05 10월 2023
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.