Vulnerability Details : CVE-2023-32465
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.
Products affected by CVE-2023-32465
- Dell » Powerprotect Cyber RecoveryVersions from including (>=) 19.4 and up to, including, (<=) 19.13.0.2cpe:2.3:a:dell:powerprotect_cyber_recovery:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32465
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32465
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Dell |
CWE ids for CVE-2023-32465
-
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.Assigned by: security_alert@emc.com (Primary)
References for CVE-2023-32465
-
https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery
DSA-2023-201: Security Update for Dell PowerProtect Cyber Recovery | Dell USVendor Advisory
Jump to