{"vulnerability": "cve-2023-2369", "sightings": [{"uuid": "ad4c39ec-6ee6-4bf6-bd41-8a043407a58b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23692", "type": "seen", "source": "https://t.me/cibsecurity/57297", "content": "\u203c CVE-2023-23692 \u203c\n\nDell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T16:14:24.000000Z"}, {"uuid": "96f5f864-15e0-44cc-9bc9-7ad37c62ae1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23697", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8359", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23697\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.\n\n\n\ud83d\udccf Published: 2023-02-13T07:24:11.185Z\n\ud83d\udccf Modified: 2025-03-21T14:50:26.922Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207929/dsa-2023-030", "creation_timestamp": "2025-03-21T15:19:39.000000Z"}, {"uuid": "f68b62d8-d79c-47c9-8cb6-f633ca0c22d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2369", "type": "seen", "source": "https://t.me/cibsecurity/63045", "content": "\u203c CVE-2023-2369 \u203c\n\nA vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T16:27:21.000000Z"}, {"uuid": "5ee12a73-e761-41a2-9ddf-80eac89f2d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23693", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2160", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23693\n\ud83d\udd39 Description: \nDell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n\n\ud83d\udccf Published: 2023-05-23T06:02:50.532Z\n\ud83d\udccf Modified: 2025-01-17T16:18:58.984Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450", "creation_timestamp": "2025-01-17T16:57:01.000000Z"}, {"uuid": "0edc3080-76b1-462a-90d4-d648cb9cdcd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23694", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23694\n\ud83d\udd39 Description: \nDell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n\n\ud83d\udccf Published: 2023-05-23T06:08:23.293Z\n\ud83d\udccf Modified: 2025-01-17T17:46:58.228Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450", "creation_timestamp": "2025-01-17T17:57:03.000000Z"}, {"uuid": "8d81ef26-f5b1-4036-b1cd-d0f36140334f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23695", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7379", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23695\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nDell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n\n\ud83d\udccf Published: 2023-02-17T06:12:07.742Z\n\ud83d\udccf Modified: 2025-03-12T20:12:07.191Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000208462/dsa-2023-020-dell-secure-connect-gateway-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-12T20:42:43.000000Z"}, {"uuid": "fd48f5aa-60ac-4984-8a19-aa418582a653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23695", "type": "seen", "source": "https://t.me/cibsecurity/58426", "content": "\u203c CVE-2023-23695 \u203c\n\nDell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T12:13:06.000000Z"}, {"uuid": "896adbe2-0c21-4012-818c-398251d7b04d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23698", "type": "seen", "source": "https://t.me/cibsecurity/57890", "content": "\u203c CVE-2023-23698 \u203c\n\nDell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T16:57:33.000000Z"}, {"uuid": "9510aca4-be72-476f-890e-c78195ff7648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23690", "type": "seen", "source": "https://t.me/cibsecurity/56712", "content": "\u203c CVE-2023-23690 \u203c\n\nCloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-19T14:21:40.000000Z"}]}