Vulnerability Details CVE-2023-23693
Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.9%
CVSS Severity
CVSS v3 Score 6.7
References
- https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
- https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
Products affected by CVE-2023-23693
-
cpe:2.3:a:dell:vxrail_hyperconverged_infrastructure:*