CVE-2023-32464 — LOW (2.7) — White Hats Nepal

Q: How severe is CVE-2023-32464?

CVE-2023-32464 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-32464?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Vxrail D560 Firmware, Dell Vxrail D560, Dell Vxrail D560F Firmware, Dell Vxrail D560F, Dell Vxrail E460 Firmware.

Vulnerability Description

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Dell	Vxrail D560 Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail D560	-
Dell	Vxrail D560F Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail D560F	-
Dell	Vxrail E460 Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E460	-
Dell	Vxrail E560 Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E560	-
Dell	Vxrail E560 Vcf Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E560 Vcf	-
Dell	Vxrail E560F Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E560F	-
Dell	Vxrail E560F Vcf Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E560F Vcf	-
Dell	Vxrail E560N Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E560N	-
Dell	Vxrail E560N Vcf Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E560N Vcf	-
Dell	Vxrail E660 Firmware	>= 7.0.0, < 7.0.450
Dell	Vxrail E660	-

Related Weaknesses (CWE)

CWE-295

References

https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-secuVendor Advisory
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-secuVendor Advisory

FAQ

What is CVE-2023-32464?

CVE-2023-32464 is a vulnerability with a CVSS score of 2.7 (LOW). Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-th...

How severe is CVE-2023-32464?

CVE-2023-32464 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-32464?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Vxrail D560 Firmware, Dell Vxrail D560, Dell Vxrail D560F Firmware, Dell Vxrail D560F, Dell Vxrail E460 Firmware.