PT-2023-6496 · Dell · Dell Smartfabric Storage

Published 2023-10-05 · Updated 2023-10-06 · CVE-2023-43069

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell SmartFabric Storage Software versions 1.4 and earlier

Description

The CLI of the Dell SmartFabric Storage Software contains an OS command injection vulnerability. An authenticated local attacker could potentially inject parameters into curl or docker, leading to the execution of arbitrary commands. The vulnerability stems from insufficient checking of arguments passed to a command.

Recommendations

For Dell SmartFabric Storage Software versions 1.4 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation, and avoid using the vulnerable CLI commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-07242
CVE-2023-43069

Affected Products

Dell Smartfabric Storage