Vulnerability Details : CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
Vulnerability category: Information leak
Products affected by CVE-2023-39250
- cpe:2.3:a:dell:storage_integration_tools_for_vmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:replay_manager_for_vmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_vsphere_client_plugin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39250
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Dell |
CWE ids for CVE-2023-39250
-
Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.Assigned by: security_alert@emc.com (Primary)
-
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.Assigned by: nvd@nist.gov (Secondary)
References for CVE-2023-39250
-
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
DSA-2023-282: Security Update for Dell Storage Integration Tools for VMware (DSITV) Vulnerabilities | Dell USVendor Advisory
Jump to