CVE-2023-25934 MEDIUM

CVE-2023-25934

Vendor Dell
Product ECS
Weakness CWE-347
Published May 4, 2023
Last update January 29, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

Key dates

02Disclosure timeline

May 4, 2023 CVE published
January 29, 2025 Record updated