CVE-2023-44305
Published: 04 December 2023
Summary
CVE-2023-44305 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dell DM5500 Firmware. Its CVSS base score is 8.1 (High).
Operationally, it is ranked in the top 9.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Dell DM5500 appliance version 5.14.0.0 contains a stack-based buffer overflow vulnerability tracked as CVE-2023-44305 and assigned CWE-121 and CWE-787. The flaw is present in the appliance itself and received a CVSS 3.1 base score of 8.1, reflecting a network attack vector, high complexity, no required privileges or user interaction, and high impact across confidentiality, integrity, and availability.
An unauthenticated remote attacker can trigger the condition by sending specially crafted input data to the affected appliance, resulting in either a crash of the targeted process or arbitrary code execution on the system.
Dell published security advisory DSA-2023-425, which addresses this and related issues in the PowerProtect Data Manager DM5500 appliance; the corresponding knowledge-base article provides the official remediation steps and updated firmware or patches. The associated EPSS score has remained flat at 0.0516 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-48661
Vulnerability details
Dell DM5500 5.14.0.0 contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.