CVE-2023-43074

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

CVSS v3 5.2 MEDIUM

5.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:unity_operating_environment::::::::
	cpe:2.3:a:dell:unity_xt_operating_environment::::::::
	cpe:2.3:a:dell:unityvsa_operating_environment::::::::

History

21 Nov 2024, 08:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.2
References	~~() https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory

28 Oct 2023, 03:29

Type	Values Removed	Values Added
References	~~(MISC) https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities -~~	(MISC) https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory
First Time		Dell unity Xt Operating Environment Dell unityvsa Operating Environment Dell unity Operating Environment Dell
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:dell:unityvsa_operating_environment:::::::: cpe:2.3:a:dell:unity_xt_operating_environment:::::::: cpe:2.3:a:dell:unity_operating_environment::::::::

23 Oct 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-23 15:15

Updated : 2024-11-21 08:23

NVD link : CVE-2023-43074

Mitre link : CVE-2023-43074

CVE.ORG link : CVE-2023-43074

JSON object : View

Products Affected

dell

unityvsa_operating_environment
unity_xt_operating_environment
unity_operating_environment

CWE

CWE-73

External Control of File Name or Path

NVD-CWE-noinfo

5.2 /10