Cyber Resilience

CVE-2023-44305

High

Published: 04 December 2023

Published
04 December 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0516 90.1th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-44305 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dell Dm5500 Firmware. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 9.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Dell DM5500 appliance version 5.14.0.0 contains a stack-based buffer overflow vulnerability tracked as CVE-2023-44305 and assigned CWE-121 and CWE-787. The flaw is present in the appliance itself and received a CVSS 3.1 base score of 8.1 reflecting network attack vector, high complexity, no required privileges or user interaction, and high impact across confidentiality, integrity, and availability.

An unauthenticated remote attacker can trigger the condition by sending specially crafted input data to the affected appliance, resulting in either a crash of the targeted process or arbitrary code execution on the system.

Dell published security advisory DSA-2023-425 that addresses this and related issues in the PowerProtect Data Manager DM5500 appliance; the corresponding knowledge-base article provides the official remediation steps and updated firmware or patches. The associated EPSS score has remained flat at 0.0516 with no material increase since disclosure.

EU & UK References

Vulnerability details

Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dell
dm5500 firmware
≤ 5.14.0.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References