admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-08 03:26:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-44291.md

18 lines
1023 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-44291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44291)
![](https://img.shields.io/static/v1?label=Product&message=Dell%20PowerProtect%20Data%20Manager%20DM5500%20Appliance&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20DM5500%205.14%20and%20below%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
### Description
Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink