CVE-2023-32464 : Dell VxRail, versions prior to 7.0.450, contain an improper certificate validati

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

Published 2023-06-23 08:15:09

Updated 2023-07-05 18:31:28

Source Dell

View at NVD, CVE.org

Products affected by CVE-2023-32464

Dell » Vxrail D560f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_d560f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail D560f » Version: N/A
Dell » Vxrail D560 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_d560_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail D560 » Version: N/A
Dell » Vxrail E460 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e460_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E460 » Version: N/A
Dell » Vxrail E560 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e560_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E560 » Version: N/A
Dell » Vxrail E560 Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e560_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E560 Vcf » Version: N/A
Dell » Vxrail E560f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e560f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E560f » Version: N/A
Dell » Vxrail E560f Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e560f_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E560f Vcf » Version: N/A
Dell » Vxrail E560n Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e560n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E560n » Version: N/A
Dell » Vxrail E560n Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e560n_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E560n Vcf » Version: N/A
Dell » Vxrail E660 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e660_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E660 » Version: N/A
Dell » Vxrail E660f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e660f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E660f » Version: N/A
Dell » Vxrail E660n Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e660n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E660n » Version: N/A
Dell » Vxrail E665 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e665_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E665 » Version: N/A
Dell » Vxrail E665f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e665f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E665f » Version: N/A
Dell » Vxrail E665n Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_e665n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail E665n » Version: N/A
Dell » Vxrail G560 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_g560_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail G560 » Version: N/A
Dell » Vxrail G560 Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_g560_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail G560 Vcf » Version: N/A
Dell » Vxrail G560f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_g560f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail G560f » Version: N/A
Dell » Vxrail G560f Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_g560f_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail G560f Vcf » Version: N/A
Dell » Vxrail P470 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p470_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P470 » Version: N/A
Dell » Vxrail P570 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p570_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P570 » Version: N/A
Dell » Vxrail P570 Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p570_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P570 Vcf » Version: N/A
Dell » Vxrail P570f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p570f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P570f » Version: N/A
Dell » Vxrail P570f Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p570f_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P570f Vcf » Version: N/A
Dell » Vxrail P580n Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p580n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P580n » Version: N/A
Dell » Vxrail P580n Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p580n_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P580n Vcf » Version: N/A
Dell » Vxrail P670f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p670f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P670f » Version: N/A
Dell » Vxrail P670n Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p670n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P670n » Version: N/A
Dell » Vxrail P675f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p675f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P675f » Version: N/A
Dell » Vxrail P675n Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_p675n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail P675n » Version: N/A
Dell » Vxrail S470 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_s470_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail S470 » Version: N/A
Dell » Vxrail S570 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_s570_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail S570 » Version: N/A
Dell » Vxrail S570 Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_s570_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail S570 Vcf » Version: N/A
Dell » Vxrail S670 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_s670_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail S670 » Version: N/A
Dell » Vxrail V470 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_v470_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail V470 » Version: N/A
Dell » Vxrail V570 Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_v570_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail V570 » Version: N/A
Dell » Vxrail V570 Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_v570_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail V570 Vcf » Version: N/A
Dell » Vxrail V570f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_v570f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail V570f » Version: N/A
Dell » Vxrail V570f Vcf Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_v570f_vcf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail V570f Vcf » Version: N/A
Dell » Vxrail V670f Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_v670f_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail V670f » Version: N/A
Dell » Vxrail Vd-4000r Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_vd-4000r_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail Vd-4000r » Version: N/A
Dell » Vxrail Vd-4000w Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_vd-4000w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail Vd-4000w » Version: N/A
Dell » Vxrail Vd-4000z Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_vd-4000z_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail Vd-4000z » Version: N/A
Dell » Vxrail Vd-4510c Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_vd-4510c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail Vd-4510c » Version: N/A
Dell » Vxrail Vd-4520c Firmware
Versions from including (>=) 7.0.0 and before (<) 7.0.450
cpe:2.3:o:dell:vxrail_vd-4520c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vxrail Vd-4520c » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-32464

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-32464

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	0.7	2.5	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None
2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N	1.2	1.4	Dell
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2023-32464

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: security_alert@emc.com (Primary)

References for CVE-2023-32464

https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450

Access Denied
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-32464

Products affected by CVE-2023-32464

Exploit prediction scoring system (EPSS) score for CVE-2023-32464

CVSS scores for CVE-2023-32464

CWE ids for CVE-2023-32464

References for CVE-2023-32464