Protect Your Dell EMC Systems: Critical OS Command Injection Vulnerability Discovered

CVECVE-2023-23692
CVSScvssV3_1: 8.8
SourceCVE-2023-23692

Dell EMC systems prior to version 7.9 of their DDoS software are affected by a serious OS command injection vulnerability. This vulnerability could allow an authenticated attacker to execute arbitrary operating system commands on the underlying system the software is running on.

OS command injection occurs when unsanitized user input is passed to the operating system shell. A malicious actor could craft specially crafted requests that would be interpreted by the OS as commands. This would let them run programs, modify and delete files, install malware and more.

In this case, an authenticated non-admin user on impacted Dell EMC systems could potentially exploit the vulnerability. This means anyone who has a valid login could try to take advantage. While the full privileges of the system wouldn’t be obtained, valuable access could still be gained.

If you have an older Dell EMC system, you should immediately update to the latest version 7.9 of the DDoS software. This will patch the vulnerability. It’s also recommended to carefully review login records for any unauthorized access attempts. Ensure all accounts have strong unique passwords. Applying the latest patches is critical to protect systems from threats like this.

References