March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – RedLine Stealer – Active IOCs
October 27, 2023
Rewterz Threat Advisory – Multiple Oracle Products Vulnerabilities
October 27, 2023
Rewterz Threat Alert – RedLine Stealer – Active IOCs
October 27, 2023
Rewterz Threat Advisory – Multiple Oracle Products Vulnerabilities
October 27, 2023
Severity
Medium
Analysis Summary
CVE-2023-43065 CVSS:5.5
Dell Unity is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-43066 CVSS:5.1
Dell Unity could allow a local authenticated attacker to bypass security restrictions, caused by a Restricted Shell Bypass vulnerability. By authenticating to the device CLI and issuing certain commands, an attacker could exploit this vulnerability to bypass authentication and obtain access.
CVE-2023-43067 CVSS:4.9
Dell Unity is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser. By using specially crafted XML content, a remote authenticated attacker could exploit this vulnerability to read arbitrary files.
CVE-2023-43074 CVSS:7.1
Dell Unity could allow a local authenticated attacker to create arbitrary files, caused by improper validation of user requests. By sending a specially crafted request, an attacker could exploit this vulnerability to create arbitrary files on the system.
Impact
- Cross-Site Scripting
- Information Theft
- Security Bypass
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-43065
- CVE-2023-43066
- CVE-2023-43067
- CVE-2023-43074
Affected Vendors
Dell
Affected Products
- Dell Unity Operating Environment 5.2.2.0.5.004
- Dell Unity Operating Environment 5.2.1.0.5.013
- Dell Unity Operating Environment 5.2.0.0.5.173
- Dell UnityVSA Operating Environment 5.2.2.0.5.004
- Dell UnityVSA Operating Environment 5.2.1.0.5.013
- Dell UnityVSA Operating Environment 5.2.0.0.5.173
- Dell Unity XT Operating Environment 5.2.2.0.5.004
- Dell Unity XT Operating Environment 5.2.1.0.5.013
- Dell Unity XT Operating Environment 5.2.0.0.5.173
Remediation
Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.