CVE-2023-43069
Description
An OS command injection vulnerability in Dell SmartFabric Storage Software CLI allows authenticated local attackers to inject parameters to curl or docker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Dell SmartFabric Storage Software versions v1.4.0 and prior contain an OS command injection vulnerability in the command-line interface (CLI). The flaw allows an authenticated local attacker to inject arbitrary parameters into curl or docker commands executed by the software [1].
Exploitation
An attacker must have local access to the system and valid authentication credentials. By crafting specially formatted input to the CLI, the attacker can inject additional parameters to curl or docker commands, potentially altering their behavior or executing unintended operations [1].
Impact
Successful exploitation could allow the attacker to execute arbitrary commands with the privileges of the SmartFabric Storage Software process, leading to potential information disclosure, data manipulation, or further system compromise [1].
Mitigation
Dell has released SmartFabric Storage Software version v1.4.1 which addresses this vulnerability. Users should upgrade to v1.4.1 or later. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=1.4
- (no CPE) range: v1.4.0 and prior
Patches
No patches discovered yet.
References: 1
News mentions: 0. No linked articles in our index yet.