Rewterz Threat Advisory – Multiple Dell Unity Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-43065 CVSS:5.5

Dell Unity is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-43066 CVSS:5.1

Dell Unity could allow a local authenticated attacker to bypass security restrictions, caused by a Restricted Shell Bypass vulnerability. By authenticating to the device CLI and issuing certain commands, an attacker could exploit this vulnerability to bypass authentication and obtain access.

CVE-2023-43067 CVSS:4.9

Dell Unity is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser. By using specially crafted XML content, a remote authenticated attacker could exploit this vulnerability to read arbitrary files.

CVE-2023-43074 CVSS:7.1

Dell Unity could allow a local authenticated attacker to create arbitrary files, caused by improper validation of user requests. By sending a specially crafted request, an attacker could exploit this vulnerability to create arbitrary files on the system.

Impact

  • Cross-Site Scripting
  • Information Theft
  • Security Bypass
  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2023-43065
  • CVE-2023-43066
  • CVE-2023-43067
  • CVE-2023-43074

Affected Vendors

Dell

Affected Products

  • Dell Unity Operating Environment 5.2.2.0.5.004
  • Dell Unity Operating Environment 5.2.1.0.5.013
  • Dell Unity Operating Environment 5.2.0.0.5.173
  • Dell UnityVSA Operating Environment 5.2.2.0.5.004
  • Dell UnityVSA Operating Environment 5.2.1.0.5.013
  • Dell UnityVSA Operating Environment 5.2.0.0.5.173
  • Dell Unity XT Operating Environment 5.2.2.0.5.004
  • Dell Unity XT Operating Environment 5.2.1.0.5.013
  • Dell Unity XT Operating Environment 5.2.0.0.5.173

Remediation

Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.

Dell Security Advisory