December 5, 2023
Severity
High
Analysis Summary
CVE-2023-44291 CVSS:7.2
Dell DM5500 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the PPOE component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2023-44300 CVSS:5.5
Dell DM5500 could allow a local authenticated attacker to obtain sensitive information, caused by a plain-text password storage flaw in the PPOE component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain credential information and use it to launch further attacks against the affected system.
CVE-2023-44301 CVSS:5.4
Dell DM5500 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-44302 CVSS:8.1
Dell DM5500 could allow a remote attacker to execute arbitrary code on the system, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-44304 CVSS:8.2
Dell DM5500 could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PPOE component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escape the restricted shell and gain root access to the appliance.
CVE-2023-44305 CVSS:8.1
Dell DM5500 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the PPOE component. By sending specially crafted input data, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-44306 CVSS:6.5
Dell DM5500 could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the PPOE component. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite arbitrary files on the system.
Impact
- Gain Access
- Information Disclosure
- Buffer Overflow
- Privilege Escalation
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-44291
- CVE-2023-44300
- CVE-2023-44301
- CVE-2023-44302
- CVE-2023-44303
- CVE-2023-44304
- CVE-2023-44305
- CVE-2023-44306
Affected Vendors
Dell
Affected Products
- Dell DM5500 5.14
Remediation
Refer to the Dell Security Advisory for patch, upgrade or suggested workaround information.