Request a Demo
Rewterz
Rewterz Threat Alert – Critical Citrix Bleed Vulnerability Exploited in LockBit Ransomware Attacks – Active IOCs
December 5, 2023
Rewterz
Rewterz Threat Alert – Lazarus aka Hidden Cobra APT Group – Active IOCs
December 5, 2023

Rewterz Threat Advisory – Multiple Dell DM5500 Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-44291 CVSS:7.2

Dell DM5500 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the PPOE component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.

CVE-2023-44300 CVSS:5.5

Dell DM5500 could allow a local authenticated attacker to obtain sensitive information, caused by a plain-text password storage flaw in the PPOE component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.

CVE-2023-44301 CVSS:5.4

Dell DM5500 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-44302 CVSS:8.1

Dell DM5500 could allow a remote attacker to execute arbitrary code on the system, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-44304 CVSS:8.2

Dell DM5500 could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PPOE component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escape the restricted shell and gain root access to the appliance.

CVE-2023-44305 CVSS:8.1

Dell DM5500 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the PPOE component. By sending a specially crafted input data, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2023-44306 CVSS:6.5

Dell DM5500 could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request by the PPOE Component. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite arbitrary files on the system.

Impact

  • Gain Access
  • Information Disclosure
  • Buffer Overflow
  • Privileges Escalation
  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2023-44291
  • CVE-2023-44300
  • CVE-2023-44301
  • CVE-2023-44302
  • CVE-2023-44303
  • CVE-2023-44304
  • CVE-2023-44305
  • CVE-2023-44306

Affected Vendors

Dell

Affected Products

  • Dell DM5500 5.14

Remediation

Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.

Dell Security Advisory