CVE-2023-32464

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victims data in transit.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
dellCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
dellvxrail_d560_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_d560f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e460_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e560_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e560_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e560f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e560f_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e560n_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e560n_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e660_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e660f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e660n_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e665_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e665f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_e665n_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_g560_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_g560_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_g560f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_g560f_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p470_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p570_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p570_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p570f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p570f_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p580n_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p580n_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p670f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p670n_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p675f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_p675n_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_s470_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_s570_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_s570_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_s670_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_v470_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_v570_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_v570_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_v570f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_v570f_vcf_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_v670f_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_vd-4000r_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_vd-4000w_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_vd-4000z_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_vd-4510c_firmware
7.0.0 ≤
𝑥
< 7.0.450
dellvxrail_vd-4520c_firmware
7.0.0 ≤
𝑥
< 7.0.450
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450