CVE-2023-43082 — Improper Certificate Validation in Dell Unity Operating Environment

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

5.9MEDIUMNVD

CNA8.6

EPSS

0.1%

top 64.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Operating Environment Dell Unity XT Operating Environment Dell Unityvsa Operating Environment +1 more

Timeline

PublishedNov 22

Description

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDdell/unity_operating_environment< 5.3.0.0.5.120

▶NVDdell/unity_xt_operating_environment< 5.3.0.0.5.120

▶NVDdell/unityvsa_operating_environment< 5.3.0.0.5.120

▶CVEListV5dell/unityVersions prior to 5.3.0.0.5.120

🔴Vulnerability Details

GHSA

GHSA-5p7c-7c2x-v2f8: Dell Unity prior to 5↗2023-11-22

▶

CVEList

CVE-2023-43082: Dell Unity prior to 5↗2023-11-22

▶