CVE-2023-4401 HIGH

CVE-2023-4401

Vendor Dell
Product Dell SmartFabric Storage Software
Weakness CWE-77
Published October 5, 2023
Last update September 19, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

Key dates

02Disclosure timeline

October 5, 2023 CVE published
September 19, 2024 Record updated