High
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-32458 | Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. | 7.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-32458 | Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. | 7.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Product | Affected Versions | Updated Version | Link to Update | |
---|---|---|---|---|
Dell EMC AppSync | Versions 4.4.0.0, 4.5.0.0 and 4.6.0.0 including Service Pack releases | See Workaround and Mitigation | AppSync 4.6 Installation and Configuration Guide (dell.com) AppSync 4.5 Installation and Configuration Guide (dell.com) Dell EMC AppSync 4.4 SP1 Installation and Configuration Guide |
|
Product | Affected Versions | Updated Version | Link to Update | |
---|---|---|---|---|
Dell EMC AppSync | Versions 4.4.0.0, 4.5.0.0 and 4.6.0.0 including Service Pack releases | See Workaround and Mitigation | AppSync 4.6 Installation and Configuration Guide (dell.com) AppSync 4.5 Installation and Configuration Guide (dell.com) Dell EMC AppSync 4.4 SP1 Installation and Configuration Guide |
|
CVE | Workaround |
---|---|
CVE-2023-32458 | To mitigate this vulnerability, the user must verify the below prerequisite: The installation path or directory targeted for AppSync server installation is empty before performing a fresh install. AppSync 4.6.0.0 document: AppSync 4.6 Installation and Configuration Guide (dell.com)AppSync 4.5.0.0 document: AppSync 4.5 Installation and Configuration Guide (dell.com) AppSync 4.4.0.0 document: Dell EMC AppSync 4.4 SP1 Installation and Configuration Guide |
Revision | Date | Description |
---|---|---|
1.0 | 2023-09-27 | Initial Release |
2.0 | 2023-10-04 | Updated for enhanced presentation with no changes to content. |
3.0 | 2023-12-04 | Updated the Workaround and Mitigation section for more clarity |
4.0 | 2024-03-14 | Added details to Workaround and Mitigation section |
Dell Technologies would like to thank Gee-netics for reporting this issue.