
Rewterz Threat Advisory – Multiple Dell EMC SmartFabric Software Packages Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-43068 CVSS:7.8

Dell EMC SmartFabric software packages could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection vulnerability in the SSH restricted shell. An attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2023-43069 CVSS:7.8

Dell EMC SmartFabric software packages could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection vulnerability in the command-line interpreter. An attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2023-43070 CVSS:6.3

Dell EMC SmartFabric software packages could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request to the HTTP interface containing “dot dot” sequences (/../) to modify or write arbitrary files to arbitrary locations in the license container.
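Added example (not Dell's code and not part of the Rewterz advisory): a defensive path check of the kind an HTTP file-write handler needs to stop the traversal described above, plus a detection routine that flags request paths whose decoded form contains a ".." segment. The license directory, the log format and the log lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed placeholder standing in for the advisory's "license container".
LICENSE_DIR = "/var/lib/smartfabric/licenses"
# Request-line of a common-log-format entry (the log format is assumed).
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE)\s+(\S+)\s+HTTP/')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '..' (e.g. %252e) is
    judged in its final decoded form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def resolve_in_dir(requested, base=LICENSE_DIR):
    """Canonical path for a client-supplied relative file name, or None if it
    would land outside `base` (the fix for the traversal described above)."""
    name = fully_unquote(requested)
    if name.startswith("/") or "\x00" in name:
        return None  # absolute paths and NUL bytes are never legitimate here
    candidate = posixpath.normpath(posixpath.join(base, name))
    base = base.rstrip("/")
    if candidate != base and not candidate.startswith(base + "/"):
        return None  # '..' segments escaped the directory
    return candidate

def flag_traversal_requests(log_lines):
    """Detection: return request paths whose decoded form has a '..' segment."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        path = match.group(1)
        segments = fully_unquote(path).split("?", 1)[0].split("/")
        if ".." in segments:
            hits.append(path)
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - admin [09/Oct/2023:10:01:02 +0000] "GET /api/license/node1.lic HTTP/1.1" 200 512',
    '10.0.0.9 - admin [09/Oct/2023:10:01:07 +0000] "PUT /api/license/../../config/x.lic HTTP/1.1" 200 0',
    '10.0.0.9 - admin [09/Oct/2023:10:01:09 +0000] "PUT /api/license/%2e%2e%2f%2e%2e%2fconfig/y HTTP/1.1" 200 0',
]
```

Normalising the joined path and then checking the prefix is what makes the check robust; rejecting the literal string ".." alone misses percent-encoded variants, which is why decoding happens first in both functions.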

CVE-2023-43071 CVSS:4.4

Dell EMC SmartFabric software packages are vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code into the GUI, which when viewed, would execute in the victim’s Web browser within the security context of the hosting site.

CVE-2023-43072 CVSS:4.4

Dell EMC SmartFabric software packages could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper access control in the command-line interpreter. An attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2023-43073 CVSS:4.3

Dell EMC SmartFabric software packages could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation in the RADIUS configuration. An attacker could exploit this vulnerability to bypass access restrictions and gain access to data that would be otherwise inaccessible to them.

Impact

  • Gain Access
  • Information Theft
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-43068
  • CVE-2023-43069
  • CVE-2023-43070
  • CVE-2023-43071
  • CVE-2023-43072
  • CVE-2023-43073

Affected Vendors

Dell

Affected Products

  • Dell EMC SmartFabric Storage Software Debian package for ESXi or Linux KVM 1.4.0
  • Dell EMC SmartFabric Storage Software package for ESXi 1.4.0
  • Dell EMC SmartFabric Storage Software package for Linux KVM 1.4.0

Remediation

Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.

Dell Security Advisory