{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-32465","assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","state":"PUBLISHED","assignerShortName":"dell","dateReserved":"2023-05-09T06:05:24.994Z","datePublished":"2023-06-14T13:41:10.622Z","dateUpdated":"2024-12-30T15:41:20.511Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"PowerProtect Cyber Recovery","vendor":"Dell","versions":[{"status":"affected","version":"19.4 through 19.13.0.2"}]}],"datePublic":"2023-06-14T06:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.</span>\n\n"}],"value":"\nDell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-644","description":"CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell","dateUpdated":"2023-06-14T13:41:10.622Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T15:18:37.695Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-30T15:41:08.289349Z","id":"CVE-2023-32465","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-30T15:41:20.511Z"}}]}}