Dell Smartfabric Storage Software vulnerabilities
10 known vulnerabilities affecting dell/smartfabric_storage_software.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-32485P2CRITICALCVSS 9.8fixed in 1.4.02023-10-05
CVE-2023-32485 [CRITICAL] CWE-20 CVE-2023-32485: Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulner
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at t
nvd
CVE-2022-31232P2CRITICALCVSS 9.8v1.0.02022-08-30
CVE-2022-31232 [CRITICAL] CWE-78 CVE-2022-31232: SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unau
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
nvd
CVE-2023-43068P3HIGHCVSS 8.8fixed in 1.4.12023-10-05
CVE-2023-43068 [HIGH] CWE-78 CVE-2023-43068: Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.
nvd
CVE-2023-4401P3HIGHCVSS 8.8fixed in 1.4.12023-10-05
CVE-2023-4401 [HIGH] CWE-77 CVE-2023-4401: Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.
nvd
CVE-2023-43069P3HIGHCVSS 7.8fixed in 1.4.12023-10-05
CVE-2023-43069 [HIGH] CWE-78 CVE-2023-43069: Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerabili
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.
nvd
CVE-2023-43072P3HIGHCVSS 7.8fixed in 1.4.12023-10-05
CVE-2023-43072 [HIGH] CWE-284 CVE-2023-43072: Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerabil
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.
nvd
CVE-2023-43070P3MEDIUMCVSS 6.5fixed in 1.4.12023-10-05
CVE-2023-43070 [MEDIUM] CWE-22 CVE-2023-43070: Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.
nvd
CVE-2023-43073P3MEDIUMCVSS 6.5fixed in 1.4.12023-10-05
CVE-2023-43073 [MEDIUM] CWE-20 CVE-2023-43073: Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerab
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.
nvd
CVE-2026-35070P3MEDIUMCVSS 6.7fixed in 1.4.5fixed in 1.4.5 or later2026-05-20
CVE-2026-35070 [MEDIUM] CWE-77 CVE-2026-35070: Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of S
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
nvd
CVE-2023-43071P4MEDIUMCVSS 5.4fixed in 1.4.12023-10-05
CVE-2023-43071 [MEDIUM] CWE-1236 CVE-2023-43071: Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML inj
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.
nvd