How severe is CVE-2023-23691?

CVE-2023-23691 has a CVSS v3 score of 8.1 (HIGH).

CVE-2023-23691

8.1HIGH

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browse

Published: 1/20/2023Updated: 11/21/2024

Description

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.

AI AnalysisPowered by AI

Affected Products

dellpowervault_me5012_firmware

dellpowervault_me5012

dellpowervault_me5024_firmware

dellpowervault_me5024

dellpowervault_me5084_firmware

dellpowervault_me5084

References

https://www.dell.com/support/kbdoc/en-us/000207533/dsa-2023-018-dell-emc-powervault-me5-security-update-for-a-client-desync-attack-vulnerability
Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000207533/dsa-2023-018-dell-emc-powervault-me5-security-update-for-a-client-desync-attack-vulnerability
Vendor Advisory