Vulnerability Description
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a highly privileged user into installing a malicious binary by bypassing the existing cryptographic signature checks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Powerstoret Os | < 3.5.0.0-2050321 |
| Dell | Powerstore 500T | - |
| Dell | Powerstore 1000T | - |
| Dell | Powerstore 1200T | - |
| Dell | Powerstore 3200T | - |
| Dell | Powerstore 3000T | - |
| Dell | Powerstore 5200T | - |
| Dell | Powerstore 5000T | - |
| Dell | Powerstore 7000T | - |
| Dell | Powerstore 9000T | - |
| Dell | Powerstore 9200T | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore- (Patch, Vendor Advisory)
FAQ
What is CVE-2023-32449?
CVE-2023-32449 is a vulnerability with a CVSS score of 7.2 (HIGH). Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a highly privileged user into installing a malicious binary by bypassin...
How severe is CVE-2023-32449?
CVE-2023-32449 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-32449?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Powerstoret Os, Dell Powerstore 500T, Dell Powerstore 1000T, Dell Powerstore 1200T, Dell Powerstore 3200T.