CVE-2023-43072

Vulnerability

An improper access control vulnerability exists in the CLI of Dell SmartFabric Storage Software versions v1.4.0 and prior [1]. This flaw allows a local attacker, who may not require authentication, to bypass intended access restrictions and execute arbitrary shell commands [1].

Exploitation

An attacker with local access to the system can exploit the improper access control in the CLI without needing prior authentication [1]. The exact exploitation steps are not detailed in the available references, but the vulnerability enables the attacker to execute arbitrary shell commands directly through the CLI interface.

Impact

Successful exploitation grants the attacker the ability to execute arbitrary shell commands on the affected system [1]. This can lead to full compromise of the SmartFabric Storage Software, including unauthorized access to data, modification of system configurations, and potential disruption of storage services.

Mitigation

Dell has released version v1.4.1 of SmartFabric Storage Software to address this vulnerability [1]. Users are advised to upgrade to the fixed version using the appropriate Debian package for ESXi or Linux KVM deployments [1]. No workarounds are documented in the available references.