CVE-2023-43068
Description
OS command injection in restricted SSH shell in Dell SmartFabric Storage Software v1.4 and earlier allows authenticated remote attackers to execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OS command injection in restricted SSH shell in Dell SmartFabric Storage Software v1.4 and earlier allows authenticated remote attackers to execute arbitrary commands.
Vulnerability
Dell SmartFabric Storage Software versions v1.4.0 and earlier contain an OS command injection vulnerability in the restricted shell in SSH. The vulnerability allows authenticated users to inject arbitrary commands through the restricted shell interface [1].
Exploitation
An attacker with valid credentials to the SmartFabric Storage Software can exploit this vulnerability by connecting via SSH and injecting commands into the restricted shell. No additional privileges or user interaction beyond authentication are required [1].
Impact
Successful exploitation enables the attacker to execute arbitrary operating system commands with the privileges of the SmartFabric Storage Software process. This could lead to full compromise of the affected system, including data exfiltration, modification, or denial of service [1].
Mitigation
Dell has released version v1.4.1 of the SmartFabric Storage Software, which addresses this vulnerability. Users should upgrade to v1.4.1 or later. The update is available for Debian package, ESXi, and Linux KVM deployments [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.4+ 1 more
- (no CPE)range: <=1.4
- (no CPE)range: v1.4.0 and prior
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.