CVE-2023-32464 - Vulnerability Details

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00071.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

Dell EMC VxRail Appliance

unaffected

Version	Status	Constraints
`7.0.x versions before 7.0.450`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dell:vxrail_d560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_d560:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:vxrail_d560f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_d560f:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:vxrail_e460_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e460:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:vxrail_e560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:vxrail_e560_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560_vcf:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:vxrail_e560f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560f:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:vxrail_e560f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560f_vcf:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:vxrail_e560n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560n:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:vxrail_e560n_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e560n_vcf:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:vxrail_e660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e660:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:vxrail_e660f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e660f:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:vxrail_e660n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e660n:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:vxrail_e665_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e665:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:vxrail_e665f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e665f:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:vxrail_e665n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_e665n:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:vxrail_g560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:vxrail_g560_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560_vcf:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:vxrail_g560f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560f:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:vxrail_g560f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_g560f_vcf:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:vxrail_p470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p470:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:vxrail_p570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:vxrail_p570_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570_vcf:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:vxrail_p570f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570f:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:vxrail_p570f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p570f_vcf:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:vxrail_p580n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p580n:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dell:vxrail_p580n_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p580n_vcf:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dell:vxrail_p670f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p670f:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dell:vxrail_p670n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p670n:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:dell:vxrail_p675f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p675f:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:dell:vxrail_p675n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_p675n:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:dell:vxrail_s470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s470:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:dell:vxrail_s570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s570:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:dell:vxrail_s570_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s570_vcf:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:dell:vxrail_s670_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_s670:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:dell:vxrail_v470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v470:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:dell:vxrail_v570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:dell:vxrail_v570_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570_vcf:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:dell:vxrail_v570f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570f:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:dell:vxrail_v570f_vcf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v570f_vcf:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:dell:vxrail_v670f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_v670f:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4000r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4000r:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4000w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4000w:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4000z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4000z:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4510c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4510c:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:dell:vxrail_vd-4520c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vxrail_vd-4520c:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Dell Subscribe	Vxrail D560 Subscribe Vxrail D560 Firmware Subscribe Vxrail D560f Subscribe Vxrail D560f Firmware Subscribe Vxrail E460 Subscribe Vxrail E460 Firmware Subscribe Vxrail E560 Subscribe Vxrail E560 Firmware Subscribe Vxrail E560 Vcf Subscribe Vxrail E560 Vcf Firmware Subscribe Vxrail E560f Subscribe Vxrail E560f Firmware Subscribe Vxrail E560f Vcf Subscribe Vxrail E560f Vcf Firmware Subscribe Vxrail E560n Subscribe Vxrail E560n Firmware Subscribe Vxrail E560n Vcf Subscribe Vxrail E560n Vcf Firmware Subscribe Vxrail E660 Subscribe Vxrail E660 Firmware Subscribe Vxrail E660f Subscribe Vxrail E660f Firmware Subscribe Vxrail E660n Subscribe Vxrail E660n Firmware Subscribe Vxrail E665 Subscribe Vxrail E665 Firmware Subscribe Vxrail E665f Subscribe Vxrail E665f Firmware Subscribe Vxrail E665n Subscribe Vxrail E665n Firmware Subscribe Vxrail G560 Subscribe Vxrail G560 Firmware Subscribe Vxrail G560 Vcf Subscribe Vxrail G560 Vcf Firmware Subscribe Vxrail G560f Subscribe Vxrail G560f Firmware Subscribe Vxrail G560f Vcf Subscribe Vxrail G560f Vcf Firmware Subscribe Vxrail P470 Subscribe Vxrail P470 Firmware Subscribe Vxrail P570 Subscribe Vxrail P570 Firmware Subscribe Vxrail P570 Vcf Subscribe Vxrail P570 Vcf Firmware Subscribe Vxrail P570f Subscribe Vxrail P570f Firmware Subscribe Vxrail P570f Vcf Subscribe Vxrail P570f Vcf Firmware Subscribe Vxrail P580n Subscribe Vxrail P580n Firmware Subscribe Vxrail P580n Vcf Subscribe Vxrail P580n Vcf Firmware Subscribe Vxrail P670f Subscribe Vxrail P670f Firmware Subscribe Vxrail P670n Subscribe Vxrail P670n Firmware Subscribe Vxrail P675f Subscribe Vxrail P675f Firmware Subscribe Vxrail P675n Subscribe Vxrail P675n Firmware Subscribe Vxrail S470 Subscribe Vxrail S470 Firmware Subscribe Vxrail S570 Subscribe Vxrail S570 Firmware Subscribe Vxrail S570 Vcf Subscribe Vxrail S570 Vcf Firmware Subscribe Vxrail S670 Subscribe Vxrail S670 Firmware Subscribe Vxrail V470 Subscribe Vxrail V470 Firmware Subscribe Vxrail V570 Subscribe Vxrail V570 Firmware Subscribe Vxrail V570 Vcf Subscribe Vxrail V570 Vcf Firmware Subscribe Vxrail V570f Subscribe Vxrail V570f Firmware Subscribe Vxrail V570f Vcf Subscribe Vxrail V570f Vcf Firmware Subscribe Vxrail V670f Subscribe Vxrail V670f Firmware Subscribe Vxrail Vd-4000r Subscribe Vxrail Vd-4000r Firmware Subscribe Vxrail Vd-4000w Subscribe Vxrail Vd-4000w Firmware Subscribe Vxrail Vd-4000z Subscribe Vxrail Vd-4000z Firmware Subscribe Vxrail Vd-4510c Subscribe Vxrail Vd-4510c Firmware Subscribe Vxrail Vd-4520c Subscribe Vxrail Vd-4520c Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-36708	Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450

History

Fri, 08 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-06-23T07:57:36.046Z

Updated: 2024-11-08T16:11:10.599Z

Reserved: 2023-05-09T06:05:24.994Z

Link: CVE-2023-32464

Vulnrichment

Updated: 2024-08-02T15:18:37.355Z

NVD

Status : Modified

Published: 2023-06-23T08:15:09.400

Modified: 2024-11-21T08:03:24.457

Link: CVE-2023-32464

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-295

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object