CVE-2023-32464 - Vulnerability Details

Description

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

Published: 2023-06-23

Score: 2.7 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

Dell EMC VxRail Appliance

unaffected

Version	Status	Constraints
`7.0.x versions before 7.0.450`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dell:vxrail_d560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_d560:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:vxrail_d560f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_d560f:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:vxrail_e460_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e460:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:vxrail_e560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:vxrail_e560_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560_vcf:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:vxrail_e560f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560f:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:vxrail_e560f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560f_vcf:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:vxrail_e560n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560n:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:vxrail_e560n_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560n_vcf:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:vxrail_e660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e660:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:vxrail_e660f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e660f:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:vxrail_e660n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e660n:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:vxrail_e665_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e665:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:vxrail_e665f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e665f:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:vxrail_e665n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e665n:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:vxrail_g560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:vxrail_g560_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560_vcf:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:vxrail_g560f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560f:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:vxrail_g560f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560f_vcf:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:vxrail_p470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p470:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:vxrail_p570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:vxrail_p570_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570_vcf:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:vxrail_p570f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570f:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:vxrail_p570f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570f_vcf:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:vxrail_p580n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p580n:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dell:vxrail_p580n_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p580n_vcf:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dell:vxrail_p670f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p670f:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dell:vxrail_p670n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p670n:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:dell:vxrail_p675f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p675f:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:dell:vxrail_p675n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p675n:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:dell:vxrail_s470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s470:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:dell:vxrail_s570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s570:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:dell:vxrail_s570_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s570_vcf:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:dell:vxrail_s670_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s670:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:dell:vxrail_v470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v470:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:dell:vxrail_v570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:dell:vxrail_v570_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570_vcf:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:dell:vxrail_v570f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570f:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:dell:vxrail_v570f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570f_vcf:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:dell:vxrail_v670f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v670f:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4000r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4000r:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4000w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4000w:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4000z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4000z:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4510c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4510c:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4520c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4520c:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-36708	Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00095.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450

History

Fri, 08 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Dell Vxrail D560 Vxrail D560 Firmware Vxrail D560f Vxrail D560f Firmware Vxrail E460 Vxrail E460 Firmware Vxrail E560 Vxrail E560 Firmware Vxrail E560 Vcf Vxrail E560 Vcf Firmware Vxrail E560f Vxrail E560f Firmware Vxrail E560f Vcf Vxrail E560f Vcf Firmware Vxrail E560n Vxrail E560n Firmware Vxrail E560n Vcf Vxrail E560n Vcf Firmware Vxrail E660 Vxrail E660 Firmware Vxrail E660f Vxrail E660f Firmware Vxrail E660n Vxrail E660n Firmware Vxrail E665 Vxrail E665 Firmware Vxrail E665f Vxrail E665f Firmware Vxrail E665n Vxrail E665n Firmware Vxrail G560 Vxrail G560 Firmware Vxrail G560 Vcf Vxrail G560 Vcf Firmware Vxrail G560f Vxrail G560f Firmware Vxrail G560f Vcf Vxrail G560f Vcf Firmware Vxrail P470 Vxrail P470 Firmware Vxrail P570 Vxrail P570 Firmware Vxrail P570 Vcf Vxrail P570 Vcf Firmware Vxrail P570f Vxrail P570f Firmware Vxrail P570f Vcf Vxrail P570f Vcf Firmware Vxrail P580n Vxrail P580n Firmware Vxrail P580n Vcf Vxrail P580n Vcf Firmware Vxrail P670f Vxrail P670f Firmware Vxrail P670n Vxrail P670n Firmware Vxrail P675f Vxrail P675f Firmware Vxrail P675n Vxrail P675n Firmware Vxrail S470 Vxrail S470 Firmware Vxrail S570 Vxrail S570 Firmware Vxrail S570 Vcf Vxrail S570 Vcf Firmware Vxrail S670 Vxrail S670 Firmware Vxrail V470 Vxrail V470 Firmware Vxrail V570 Vxrail V570 Firmware Vxrail V570 Vcf Vxrail V570 Vcf Firmware Vxrail V570f Vxrail V570f Firmware Vxrail V570f Vcf Vxrail V570f Vcf Firmware Vxrail V670f Vxrail V670f Firmware Vxrail Vd-4000r Vxrail Vd-4000r Firmware Vxrail Vd-4000w Vxrail Vd-4000w Firmware Vxrail Vd-4000z Vxrail Vd-4000z Firmware Vxrail Vd-4510c Vxrail Vd-4510c Firmware Vxrail Vd-4520c Vxrail Vd-4520c Firmware

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-06-23T07:57:36.046Z

Updated: 2024-11-08T16:11:10.599Z

Reserved: 2023-05-09T06:05:24.994Z

Link: CVE-2023-32464

Vulnrichment

Updated: 2024-08-02T15:18:37.355Z

NVD

Status : Modified

Published: 2023-06-23T08:15:09.400

Modified: 2024-11-21T08:03:24.457

Link: CVE-2023-32464

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-295

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object