What is CVE-2023-23694?

CVE-2023-23694 is a medium-severity vulnerability in Dell Vxrail Hci, classified under OS Command Injection. CVSS score: 4.7/10. Published 2023-05-23.

How severe is CVE-2023-23694?

Medium severity. CVSS v3 base score is 4.7 out of 10.

RCE in Dell Vxrail Hci

CVE-2023-23694

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.007 (49.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Dell Vxrail Hci — versions 7.0.x versions before 7.0.450
Dell Vxrail_hyperconverged_infrastructure

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

security_alert@emc.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2023-23694?: CVE-2023-23694 is a medium-severity vulnerability in Dell Vxrail Hci, classified under OS Command Injection. CVSS score: 4.7/10. Published 2023-05-23.
How severe is CVE-2023-23694?: Medium severity. CVSS v3 base score is 4.7 out of 10.