Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-43589

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-24 Jan, 2022 | 20:10
Updated At-17 Sep, 2024 | 00:21
Rejected At-
Credits

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:24 Jan, 2022 | 20:10
Updated At:17 Sep, 2024 | 00:21
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Affected Products
Vendor
Dell Inc.Dell
Product
Unity
Versions
Affected
  • From unspecified before 5.1.2.0.5.007 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:24 Jan, 2022 | 20:15
Updated At:28 Jan, 2022 | 17:52

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>emc_unity_operating_environment>>Versions before 5.1.2.0.5.007(exclusive)
cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_unity_xt_operating_environment>>Versions before 5.1.2.0.5.007(exclusive)
cpe:2.3:a:dell:emc_unity_xt_operating_environment:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_unityvsa_operating_environment>>Versions before 5.1.2.0.5.007(exclusive)
cpe:2.3:a:dell:emc_unityvsa_operating_environment:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-77Secondarysecurity_alert@emc.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

631Records found
CVE-2022-24419
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24417
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwarevostro_5515_firmwareinspiron_3180vostro_3515_firmwareinspiron_3185_firmwareinspiron_22-3275_firmwaredell_g5_5505_firmwareinspiron_3185inspiron_3585inspiron_7405_firmwareinspiron_5515inspiron_5675_firmwareinspiron_5415_firmwareinspiron_5405_firmwareinspiron_27_7775_firmwareinspiron_3505_firmwareinspiron_5585inspiron_5775_firmwareinspiron_7375_firmwareinspiron_5575_firmwareinspiron_3785vostro_5415inspiron_7415_firmwareinspiron_3515inspiron_5415inspiron_3785_firmwareinspiron_7415vostro_3405_firmwareinspiron_3195inspiron_24-3475vostro_3515inspiron_3515_firmwareinspiron_3180_firmwareinspiron_5575inspiron_24-3475_firmwareinspiron_3195_firmwareinspiron_5505inspiron_3505inspiron_3595inspiron_27_7775inspiron_5505_firmwarevostro_5515dell_g5_5505inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareinspiron_5585_firmwareinspiron_7405inspiron_22-3275inspiron_5675vostro_5415_firmwareinspiron_5405inspiron_5775vostro_3405inspiron_5485CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22558
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.18%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 20:50
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-m630pt430_firmwarefc430_firmwarem630p_firmwarem630_firmwarem830_firmwaret630c6320_firmwarefc830r430r430_firmwarec6320fc630r730xd_firmwarer7415r830_firmwarefc430r530_firmwarem830p_firmwarer6415_firmwarefc830_firmwaret630_firmwarer730_firmwaret430r6415r530r630c4130m630r7425_firmwarer7415_firmwarer730c4130_firmwarer830m830r630_firmwarer7425m830pfc630_firmwarer730xdPowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1203
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.08% / 76.95%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-21553
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-286
Incorrect User Management
CVE-2022-34408
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.41%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:07
Updated-26 Feb, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21554
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwareprecision_7920_firmwarepoweredge_r640_firmwareprecision_7920poweredge_r940xa_firmwarepoweredge_r640poweredge_r840poweredge_mx840cpoweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21552
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.2||MEDIUM
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-wyse_5070_thin_clientwyse_5470_all-in-one_thin_clientwyse_5470_thin_clientwindows_10Wyse Windows Embedded (WES)
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-21589
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 11.94%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CVE-2021-21557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_m640ppoweredge_t140_firmwarepoweredge_r6515_firmwarepoweredge_r240poweredge_r7515_firmwarepoweredge_r440_firmwarepoweredge_m640poweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_t440poweredge_m640p_firmwarepoweredge_r940xa_firmwarepoweredge_r7525_firmwarepoweredge_mx840cpoweredge_r6525poweredge_t640poweredge_mx740cpoweredge_r7525poweredge_r840_firmwarepoweredge_c4140_firmwarepoweredge_r940poweredge_r540poweredge_m640_firmwarepoweredge_mx840c_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_t340_firmwarepoweredge_r6415poweredge_r440poweredge_r740xd2_firmwarepoweredge_r340_firmwarepoweredge_c6525_firmwarepoweredge_c6525poweredge_xr2_firmwarepoweredge_r6515poweredge_r940xapoweredge_r340poweredge_r6415_firmwarepoweredge_r6525_firmwarepoweredge_c6420poweredge_fc640_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_c6420_firmwarepoweredge_r740xd2poweredge_r840poweredge_r7415_firmwarepoweredge_r7425poweredge_fc640poweredge_t340poweredge_r240_firmwarepoweredge_r7415poweredge_r7425_firmwarepoweredge_c4140poweredge_r940_firmwarepoweredge_t440_firmwarepoweredge_r740xd_firmwarepoweredge_t140poweredge_r740poweredge_xr2PowerEdge BIOS Intel 15G
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22550
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-549
Missing Password Field Masking
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-22557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.50%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-22566
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 20:00
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwarexps_15_9510_firmwareinspiron_5583inspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520precision_3541_firmwareinspiron_5591_2-in-1g5_5500precision_3561_firmwareinspiron_7506_2-in-1xps_17_9710_firmwareg7_7500precision_7560inspiron_5590_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_7200_2-in-1latitude_5511_firmwareinspiron_5493precision_3550vostro_3888inspiron_3891_firmwareoptiplex_3090_ultra_firmwareinspiron_7490vostro_3888_firmwarexps_13_7390_2-in-1_firmwarelatitude_7420_firmwareprecision_7540inspiron_5501vostro_5501_firmwarelatitude_3310_2-in-1inspiron_5390_firmwarelatitude_9420inspiron_5490_firmwareoptiplex_3090_ultraalienware_area_51m_r1_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700inspiron_7390_firmwarexps_7590alienware_m17_r3_firmwarelatitude_5300vostro_3400inspiron_3891vostro_5310g3_3500latitude_9410_firmwarevostro_7590optiplex_7090_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1g15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_7300optiplex_7090latitude_5310_2-in-1inspiron_5490_aio_firmwareinspiron_5491_aiolatitude_3420inspiron_14_5418_firmwareg5_5500_firmwarelatitude_rugged_7330_firmwarevostro_5491_firmwarelatitude_5500_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwarexps_13_7390inspiron_7490_firmwareinspiron_5409latitude_3400_firmwarevostro_3890latitude_7400latitude_3510precision_3560_firmwareinspiron_5584precision_3520vostro_5401_firmwareinspiron_3880_firmwareinspiron_3511_firmwareinspiron_5310_firmwareinspiron_5501_firmwareoptiplex_5080_firmwareinspiron_14_5410inspiron_5493_firmwarelatitude_3400xps_17_9700_firmwarelatitude_3420_firmwarealienware_m15_r3g5_5000vostro_3590vostro_5390inspiron_5491_2-in-1_firmwareinspiron_15_5510vostro_5590_firmwareinspiron_7506_2-in-1_firmwarealienware_m17_r4_firmwarelatitude_7320_detachable_firmwarelatitude_9410inspiron_3790optiplex_7080_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391inspiron_5494latitude_3301inspiron_5594optiplex_7090_ultra_firmwarexps_13_9300xps_15_9500latitude_5500precision_3450inspiron_5508_firmwareprecision_7550_firmwarelatitude_3500_firmwarechengming_3991vostro_5591precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareinspiron_7500_2-in-1_blackg15_5510_firmwareinspiron_3881_firmwarevostro_7510_firmwarelatitude_5521g3_3590vostro_7510optiplex_5480_all-in-one_firmwareinspiron_7791precision_3540latitude_5501inspiron_7510_firmwarelatitude_7400_firmwarevostro_3501latitude_7520inspiron_7500_2-in-1_black_firmwareprecision_3450_firmwarechengming_3990inspiron_5301latitude_3310g7_7700_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493vostro_5410alienware_area_51m_r1inspiron_5402precision_7540_firmwareprecision_5750_firmwareinspiron_7700_aiovostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401inspiron_5593latitude_5420_firmwareprecision_3561vostro_5390_firmwarelatitude_5520latitude_3410_firmwareinspiron_7510vostro_5300inspiron_7400_firmwareoptiplex_7490_aio_firmwareinspiron_3493_firmwareprecision_3530_firmwarelatitude_3320vostro_5301inspiron_5583_firmwarexps_13_9310_2-in-1_firmwarexps_15_9510inspiron_3590latitude_7210_2-in-1inspiron_7590vostro_5880precision_7750alienware_m15_r6_firmwarelatitude_3301_firmwarelatitude_3320_firmwarelatitude_rugged_7220_extreme_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareoptiplex_5090optiplex_5480_all-in-oneinspiron_15_5518inspiron_5591_2-in-1_firmwarealienware_area_51m_r2_firmwarevostro_7500_firmwarelatitude_5400alienware_m15_r4_firmwarelatitude_5410precision_3541xps_8940inspiron_5310vostro_5510_firmwareprecision_3551latitude_5401_firmwarealienware_m17_r3vostro_5491inspiron_7610latitude_rugged_7330vostro_5301_firmwarelatitude_7300_firmwarelatitude_5421vostro_5890latitude_9420_firmwarelatitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwarelatitude_5400_firmwareinspiron_7610_firmwarevostro_5300_firmwareoptiplex_5090_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391inspiron_3593_firmwarealienware_m17_r4optiplex_7780_all-in-one_firmwareprecision_3440inspiron_5494_firmwareprecision_3440_firmwarevostro_5402optiplex_7090_ultrag5_5000_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwarealienware_m15_r3_firmwarelatitude_5320precision_3550_firmwarelatitude_7410latitude_3310_firmwareinspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500vostro_3500_firmwareinspiron_7306_2-in-1_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwarelatitude_7320_detachablelatitude_9520latitude_rugged_7220_extremeinspiron_5509vostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498vostro_3681inspiron_7500_2-in-1_silver_firmwarelatitude_7420inspiron_7591_firmwareinspiron_5300inspiron_7706_2-in-1latitude_7400_2-in-1_firmwareinspiron_5508precision_5550_firmwareinspiron_5491_2-in-1precision_3530g7_7500_firmwarelatitude_5411_firmwarelatitude_3510_firmwarelatitude_3120_firmwareinspiron_5590vostro_5490inspiron_3593inspiron_15_5518_firmwareprecision_7740inspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_7306_2-in-1xps_13_9310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwarevostro_3681_firmwareinspiron_7390vostro_5890_firmwareprecision_7560_firmwarelatitude_9510_firmwareinspiron_5406_2-in-1precision_3650latitude_7400_2-in-1optiplex_5490_aio_firmwareprecision_7760_firmwareoptiplex_7070_ufflatitude_5300_2-in-1_firmwarevostro_5510inspiron_3511inspiron_3490latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310inspiron_5410latitude_5510_firmwareg7_7700vostro_5502vostro_3510_firmwareoptiplex_7490_aioinspiron_5410_firmwareoptiplex_7780_all-in-oneinspiron_15_5510_firmwareinspiron_5490inspiron_3501_firmwareinspiron_5408vostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwarelatitude_5300_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwarevostro_3490latitude_rugged_7220inspiron_5391inspiron_3881inspiron_5598xps_13_9380latitude_5320_firmwarexps_7590_firmwareoptiplex_3080alienware_area_51m_r2inspiron_7500_2-in-1_silverinspiron_3501latitude_5310_firmwarelatitude_3500xps_13_9300_firmwareprecision_5750alienware_m15_r4inspiron_3793latitude_rugged_5430xps_9305_firmwarealienware_m15_r6inspiron_7591vostro_3890_firmwareoptiplex_5490_aiolatitude_7310inspiron_14_5410_firmwareinspiron_7790latitude_5421_firmwareg3_3590_firmwareinspiron_7500inspiron_7790_firmwareg15_5511inspiron_5584_firmwareprecision_5540_firmwareprecision_5760vostro_5590inspiron_5401_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarexps_8940_firmwarelatitude_7320_firmwarelatitude_3120latitude_rugged_7220_firmwareprecision_3520_firmwareprecision_3560inspiron_5594_firmwareprecision_3551_firmwareinspiron_5401_aioprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareinspiron_5598_firmwareoptiplex_7480_all-in-one_firmwareprecision_3650_firmwarevostro_3500xps_9305precision_3240_compactprecision_7750_firmwareinspiron_5391_firmwarelatitude_3520_firmwarevostro_3401inspiron_5490_aioinspiron_5502_firmwarechengming_3991_firmwarevostro_7590_firmwareinspiron_14_5418inspiron_3490_firmwareinspiron_5409_firmwareinspiron_7400xps_13_9380_firmwareinspiron_5390optiplex_7070_uff_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwarevostro_3510inspiron_5401xps_13_9310_2-in-1vostro_5591_firmwareCPG BIOS
CWE ID-CWE-1190
DMA Device Enabled Too Early in Boot Phase
CVE-2020-5385
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-26199
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 13.89%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-52537
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.09%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:26
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsdock_wd19_firmware_update_utilitylinux_kerneldock_wd22tb4_firmware_update_utilitydock_hd22q_firmware_update_utilityDell Client Platform BIOS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-25940
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.38%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:14
Updated-11 Feb, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-39251
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 17:55
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

Action-Not Available
Vendor-Dell Inc.
Product-precision_5560precision_5760latitude_5430_ruggedxps_15_9510xps_15_9510_firmwarexps_17_9710precision_3561_firmwarevostro_7510_firmwarelatitude_5521xps_17_9710_firmwarevostro_7510inspiron_7610latitude_5430_rugged_firmwareprecision_7560inspiron_7510_firmwareprecision_5760_firmwarelatitude_5521_firmwareprecision_3561latitude_7330_ruggedlatitude_7330_rugged_firmwareprecision_5560_firmwareprecision_7560_firmwareinspiron_7510precision_7760_firmwareinspiron_7610_firmwareprecision_7760CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32490
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:40
Updated-08 Oct, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32489
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.52%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:36
Updated-08 Oct, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.  

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2023-32494
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 12:56
Updated-08 Oct, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CVE-2023-32461
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 06:56
Updated-25 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_r7615_firmwarepoweredge_r250poweredge_t560_firmwarepoweredge_r6515_firmwareemc_xc_core_xc6520_firmwarepoweredge_hs5610_firmwarepoweredge_xr4510c_firmwarepoweredge_xr12poweredge_r7515_firmwarepoweredge_xr8620t_firmwareemc_xc_core_xc450_firmwarepoweredge_r760xa_firmwarepoweredge_xr8620tpoweredge_mx750c_firmwarepoweredge_r750poweredge_r650_firmwareemc_xc_core_xc650_firmwarepoweredge_xe8640poweredge_c6520_firmwarepoweredge_xe9680poweredge_r550_firmwareemc_xc_core_xc750_firmwarepoweredge_t150_firmwarepoweredge_r760xd2_firmwarepoweredge_r250_firmwarepoweredge_r760_firmwarepoweredge_r550poweredge_r350_firmwarepoweredge_r750_firmwarepoweredge_xr4510cpoweredge_r660_firmwarepoweredge_c6525_firmwarepoweredge_c6525emc_xc_core_xc650poweredge_r6625_firmwarepoweredge_r750xspoweredge_t550_firmwarepoweredge_xr7620_firmwarepoweredge_r660poweredge_xr11_firmwarepoweredge_t350poweredge_r860poweredge_r650poweredge_r650xs_firmwarepoweredge_xr11poweredge_xr12_firmwarepoweredge_c6620poweredge_xr4520cpoweredge_r7625_firmwarepoweredge_r760xaemc_xc_core_xc7525_firmwarepoweredge_t560poweredge_t150poweredge_xe9680_firmwarepoweredge_r650xspoweredge_xr7620poweredge_xr5610_firmwarepoweredge_xr4520c_firmwarepoweredge_r7525_firmwarepoweredge_c6620_firmwarepoweredge_mx760c_firmwarepoweredge_r660xspoweredge_r6525poweredge_xe8545_firmwarepoweredge_r7525poweredge_r6615_firmwareemc_xc_core_xc750xa_firmwarepoweredge_r6615poweredge_mx760cpoweredge_xe8545emc_xc_core_xc7525poweredge_r750xapoweredge_t550emc_xc_core_xc750poweredge_r660xs_firmwarepoweredge_hs5620poweredge_r760xs_firmwarepoweredge_r6515poweredge_r760emc_xc_core_xc450poweredge_r6525_firmwarepoweredge_mx750cemc_xc_core_xc750xapoweredge_r960poweredge_r350poweredge_r7625poweredge_r450_firmwarepoweredge_xe8640_firmwarepoweredge_r750xa_firmwarepoweredge_r960_firmwarepoweredge_r760xspoweredge_r7615poweredge_r760xd2poweredge_c6520poweredge_xr5610poweredge_r450poweredge_r750xs_firmwarepoweredge_hs5610poweredge_t350_firmwarepoweredge_r860_firmwarepoweredge_r6625poweredge_hs5620_firmwareemc_xc_core_xc6520PowerEdge Platform
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-32469
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.22%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 08:14
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-precision_5820_firmwareprecision_7820precision_7920_firmwareprecision_7820_firmwareprecision_7920precision_5820Dell Precision 5820 Tower, Dell Precision 7820 Tower, Dell Precision 7920 Tower
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53292
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:55
Updated-04 Feb, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-43587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2024-47238
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.07%
||
7 Day CHG-0.00%
Published-12 Dec, 2024 | 17:38
Updated-04 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-edge_gateway_3000embedded_box_pc_3000_firmwareedge_gateway_3003edge_gateway_5100_firmwareedge_gateway_5100embedded_box_pc_3000edge_gateway_3002_firmwareedge_gateway_3003_firmwareedge_gateway_3002edge_gateway_3001_firmwareedge_gateway_3200_firmwareedge_gateway_3001edge_gateway_3000_firmwareedge_gateway_5000_firmwareedge_gateway_3200edge_gateway_5000Dell Client Platform BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.65%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:56
Updated-24 Mar, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-183
Permissive List of Allowed Inputs
CVE-2021-36315
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_nodes_a3000_firmwareemc_powerscale_nodes_h5600_firmwareemc_powerscale_nodes_f810_firmwareemc_powerscale_nodes_h400_firmwareemc_powerscale_nodes_h700emc_powerscale_nodes_h5600emc_powerscale_nodes_h700_firmwareemc_powerscale_nodes_x410emc_powerscale_nodes_a200_firmwareemc_powerscale_nodes_f200_firmwareemc_powerscale_nodes_x210emc_powerscale_nodes_a100_firmwareemc_powerscale_nodes_s210_firmwareemc_powerscale_nodes_f800_firmwareemc_powerscale_nodes_f600_firmwareemc_powerscale_nodes_f600emc_powerscale_nodes_a300_firmwareemc_powerscale_nodes_a200emc_powerscale_nodes_a3000emc_powerscale_nodes_h7000_firmwareemc_powerscale_nodes_x210_firmwareemc_powerscale_nodes_a2000emc_powerscale_nodes_f200emc_powerscale_nodes_h500_firmwareemc_powerscale_nodes_s210emc_powerscale_nodes_nl410emc_powerscale_nodes_h400emc_powerscale_nodes_h7000emc_powerscale_nodes_h600emc_powerscale_nodes_nl410_firmwareemc_powerscale_nodes_a100emc_powerscale_nodes_x410_firmwareemc_powerscale_nodes_a300emc_powerscale_nodes_a2000_firmwareemc_powerscale_nodes_f810emc_powerscale_nodes_h500emc_powerscale_nodes_f800emc_powerscale_nodes_h600_firmwarePowerScale Nodes
CVE-2021-36324
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7570_firmwarelatitude_5401g7_7590inspiron_3470latitude_e7270optiplex_7770_firmwarevostro_3669inspiron_5491_firmwareprecision_7820_firmwareinspiron_5477_firmwarelatitude_5179inspiron_15_7577latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570vostro_3888_firmwarewyse_7040latitude_e5270precision_7540alienware_15_r3_firmwareprecision_3420wyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511inspiron_7580_firmwarealienware_m15_r1_firmwareprecision_7720precision_7920alienware_m17_r3_firmwarelatitude_5300vostro_5581_firmwarelatitude_3380_firmwareprecision_5530_firmwareoptiplex_5040latitude_rugged_5420vostro_15_7580inspiron_14_5468optiplex_5050alienware_aurora_r11latitude_3470latitude_7300g5_5590xps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwarelatitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2precision_5520latitude_7400latitude_5591precision_3620precision_5820inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070precision_3630_firmwareprecision_3430g5_5000inspiron_7700inspiron_13_5378_firmwarelatitude_7285_firmwarexps_13_9370_firmwarevostro_3581_firmwarelatitude_7275vostro_3581xps_15_9575latitude_9410inspiron_7777optiplex_7070latitude_3570optiplex_7080_firmwareoptiplex_5480_firmwareinspiron_15_5578_firmwarelatitude_5310latitude_rugged_7424_firmwarevostro_3268_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1inspiron_5400latitude_7480_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370alienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_rugged_7424latitude_5488g3_3590optiplex_5260latitude_7380precision_3540alienware_aurora_r11_firmwarevostro_14_5468optiplex_7780optiplex_3280xps_15_9560inspiron_3580_firmwareinspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7275_firmwareinspiron_3280_firmwarelatitude_3310precision_7520vostro_15_3578_firmwarevostro_3660_firmwareinspiron_5482latitude_7290g7_7587_firmwarealienware_area_51m_r1precision_7540_firmwareoptiplex_7760latitude_7480vostro_3881wyse_5470_firmwareinspiron_7580inspiron_3668inspiron_5770alienware_m17_r2_firmwarelatitude_3580inspiron_3668_firmwarelatitude_5285optiplex_7780_firmwareinspiron_5480_firmwarelatitude_3551optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510inspiron_7370precision_3240vostro_3481_firmwarelatitude_5491optiplex_3240_firmwareoptiplex_7040inspiron_7386alienware_aurora_r12latitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwarealienware_m17_r3precision_7730inspiron_7380precision_3240_firmwarelatitude_7285latitude_5400_firmwareprecision_3420_firmwarevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareprecision_7510_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3576inspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareinspiron_7590_firmwarelatitude_rugged_5414_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwareinspiron_3470_firmwareinspiron_5370inspiron_7467_firmwareprecision_7740inspiron_3481_firmwareprecision_5530latitude_7310_firmwareinspiron_15_5579_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_rugged_extreme_7214latitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarelatitude_3490_firmwareprecision_5720_firmwareg7_7587vostro_3668optiplex_7770optiplex_5270latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareinspiron_5490inspiron_15_5578latitude_5300_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_7550xps_7590_firmwareoptiplex_3080alienware_m17_r1latitude_3480latitude_rugged_5424_firmwarevostro_3671inspiron_7591latitude_7310inspiron_7790g3_3590_firmwareinspiron_7790_firmwarealienware_13_r3latitude_3379vostro_3584_firmwarechengming_3990_firmwarevostro_15_5568precision_3520_firmwarechengming_3980inspiron_7567_firmwareoptiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwareinspiron_13_5379_firmwareg5_5090_firmwarelatitude_7390latitude_3390_firmwareprecision_7750_firmwarealienware_aurora_r12_firmwareprecision_3431precision_7510vostro_3480_firmwarechengming_3991_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwarelatitude_e7470optiplex_5040_firmwareinspiron_3581latitude_rugged_tablet_7212_firmwareoptiplex_7480inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5488_firmwarealienware_17_r5_firmwareoptiplex_5480precision_3541_firmwarealienware_m15_r1precision_7920_firmwareinspiron_15_7572alienware_aurora_r7_firmwareinspiron_3476_firmwareinspiron_5680vostro_3881_firmwareinspiron_7373latitude_5511_firmwareinspiron_15_7573_firmwareoptiplex_7040_firmwareprecision_3550latitude_7370latitude_7370_firmwareoptiplex_7440_firmwareoptiplex_5070_firmwarealienware_15_r4latitude_5490alienware_m17_r2inspiron_7567vostro_3070_firmwarelatitude_rugged_extreme_7414xps_7590optiplex_7071vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_13_5378inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwareprecision_3520inspiron_17_7773_firmwareg7_7790latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050optiplex_5080_firmwareinspiron_15_7570latitude_e5270_firmwareoptiplex_7480_firmwarevostro_3471latitude_rugged_5420_firmwarelatitude_rugged_extreme_7214_firmwareinspiron_3480_firmwareg5_5590_firmwarealienware_m15_r3inspiron_7700_firmwareoptiplex_5060_firmwarelatitude_3470_firmwareprecision_7530_firmwarealienware_x17_r1latitude_rugged_5424vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwarealienware_aurora_ryzen_edition_firmwareg3_3779_firmwarevostro_15_3578latitude_5500inspiron_15_5582precision_7550_firmwarewyse_7040_firmwarelatitude_5285_firmwareinspiron_5477chengming_3991latitude_5288_firmwarelatitude_rugged_extreme_7414_firmwareinspiron_5480inspiron_3471_firmwarevostro_3669_firmwarelatitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590inspiron_7472_firmwareoptiplex_5260_firmwarechengming_3990vostro_3583latitude_5491_firmwarevostro_5880_firmwareprecision_3630xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_5491inspiron_5482_firmwarevostro_5481inspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_rugged_tablet_7212latitude_5580_firmwarelatitude_7200inspiron_3477_firmwarelatitude_3189vostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareprecision_3620_firmwareoptiplex_3280_firmwarevostro_15_3568embedded_box_pc_5000inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwareoptiplex_7440latitude_5480alienware_15_r3vostro_5471_firmwareoptiplex_7470optiplex_3046xps_15_9575_firmwarelatitude_7210_firmwareinspiron_15_5582_firmwarealienware_x15_r1_firmwarelatitude_7300_firmwarelatitude_5510wyse_5470inspiron_5481precision_3440_firmwarealienware_x17_r1_firmwarexps_8930xps_27_7760inspiron_7786_firmwareprecision_3640_firmwareinspiron_15_5579vostro_15_3568_firmwarelatitude_7410latitude_5501_firmwarexps_27_7760_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450inspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarealienware_17_r5optiplex_7760_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarelatitude_5290alienware_aurora_r7latitude_5289_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwarevostro_5481_firmwarelatitude_rugged_5414vostro_3267inspiron_14_3467inspiron_3671precision_5540alienware_17_r4precision_3930inspiron_3480latitude_3490inspiron_3670latitude_3300_firmwarevostro_5471alienware_15_r4_firmwarevostro_5581latitude_7200_firmwareg7_7790_firmwarelatitude_5510_firmwareinspiron_3670_firmwarevostro_15_7570latitude_e5570_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwarelatitude_3380latitude_7210latitude_5289precision_7820vostro_3471_firmwareoptiplex_3080_firmwareoptiplex_3240precision_5510_firmwarelatitude_rugged_7220inspiron_3881xps_13_9380alienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwarealienware_13_r3_firmwarelatitude_5310_firmwarevostro_3070inspiron_5481_firmwareprecision_5520_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_5540_firmwareinspiron_3277_firmwareinspiron_5401_firmwarexps_8940_firmwareinspiron_3268_firmwarevostro_3480latitude_rugged_7220_firmwareprecision_3640alienware_17_r4_firmwarelatitude_rugged_7220exg5_5587latitude_3580_firmwarevostro_3470alienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040precision_5720latitude_7290_firmwareoptiplex_5270_firmwareprecision_7530inspiron_5370_firmwarelatitude_3551_firmwarexps_8930_firmwarechengming_3977_firmwareoptiplex_7470_firmwareoptiplex_7460g7_7590_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareinspiron_15_7573optiplex_7050precision_3431_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwareinspiron_13_5379latitude_5288latitude_7490optiplex_7060_firmwareg3_3779precision_5820_firmwareinspiron_5401optiplex_5250vostro_3667_firmwarealienware_aurora_ryzen_editioninspiron_15_7577_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.52%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21591
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21590
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21555
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21556
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5348
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5363
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7300latitude_5401precision_7740_firmwareprecision_3541precision_3541_firmwarelatitude_5401_firmwareprecision_7540_firmwarelatitude_5500_firmwareprecision_3540_firmwarelatitude_5300_firmwarexps_13_9300xps_7390_2-in-1_firmwarelatitude_7300_firmwarelatitude_5500latitude_7400latitude_5400_firmwarelatitude_7200_2_in_1_firmwarelatitude_7220_firmwareprecision_7540precision_7740latitude_7220ex_rugged_extreme_tabletxps_7590_firmwarelatitude_7220ex_rugged_extreme_tablet_firmwarexps_7590latitude_7220latitude_7200_2_in_1latitude_5501latitude_5300latitude_7400_firmwareprecision_3540xps_13_9300_firmwarexps_7390_2-in-1latitude_5501_firmwarelatitude_5300_2-in-1latitude_5300_2-in-1_firmwarelatitude_5400Dell Client Consumer and Commercial platforms
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-29501
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstoreemc_powerstore_firmwarePowerStore
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-34406
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.41%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:00
Updated-26 Feb, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-23694
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.00%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 06:08
Updated-17 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36313
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-1.04% / 76.50%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36287
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-4.68% / 88.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-39577
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 17:06
Updated-25 Nov, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-38486
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.73%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 04:06
Updated-13 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-37140
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-5.50% / 89.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 03:54
Updated-23 Sep, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DDpowerprotect_dd
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4401
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:12
Updated-19 Sep, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21570
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21569
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.85% / 73.99%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21530
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.39% / 58.93%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise-modularOpenManage Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-25955
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.42% / 61.24%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 19:05
Updated-27 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-solutions_enabler_virtual_appliancepowermax_eemunisphere_for_powermax_virtual_applianceVirtual Appliance (vApp) Managerunisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_applianceunisphere_for_powermax
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 12
  • 13
  • Next
Details not found