Improper Check for Certificate Revocation

CVE-2023-23690

High

7/10

Summary

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-299 - Improper Check for Certificate Revocation

The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

References

Advisory Timeline

Published Jan 19, 2023

Improper Check for Certificate Revocation

CVE-2023-23690

Summary

CWE-299 - Improper Check for Certificate Revocation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS