CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:replay_manager_for_vmware::::::::
	cpe:2.3:a:dell:storage_integration_tools_for_vmware::::::::
	cpe:2.3:a:dell:storage_vsphere_client_plugin::::::::

History

16 Aug 2023, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-16 16:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-39250

Mitre link : CVE-2023-39250

CVE.ORG link : CVE-2023-39250

JSON object : View

Products Affected

dell

storage_vsphere_client_plugin
storage_integration_tools_for_vmware
replay_manager_for_vmware

CWE

CWE-540

Inclusion of Sensitive Information in Source Code

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2023-39250", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-08-16T16:15:11.217", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-540"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nDell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. \n\n\n\n"}, {"lang": "es", "value": "Las versiones Dell Storage Integration Tools para VMware (DSITV) y Dell Storage vSphere Client Plugin (DSVCP) anteriores a la 6.1.1 y Replay Manager para las versiones VMware (RMSV) anteriores a la 3.1.2 contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un usuario malintencionado local con pocos privilegios podr\u00eda explotar esta vulnerabilidad para recuperar una clave de cifrado que podr\u00eda ayudar en futuros ataques."}], "lastModified": "2023-11-03T19:00:17.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:replay_manager_for_vmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA180EC-3CC5-4F78-9DF9-3AA00D410C5F", "versionEndExcluding": "3.1.2"}, {"criteria": "cpe:2.3:a:dell:storage_integration_tools_for_vmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAFD6965-A273-4B48-9E0C-EF004E04F09A", "versionEndExcluding": "6.1.1"}, {"criteria": "cpe:2.3:a:dell:storage_vsphere_client_plugin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A073484-7F1E-4B75-8639-E5AA573714FA", "versionEndExcluding": "6.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}