Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28073

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-23 Jun, 2023 | 10:42
Updated At-04 Dec, 2024 | 14:43
Rejected At-
Credits

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:23 Jun, 2023 | 10:42
Updated At:04 Dec, 2024 | 14:43
Rejected At:
▼CVE Numbering Authority (CNA)

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Affected Products
Vendor
Dell Inc.Dell
Product
CPG BIOS
Platforms
  • Latitude 5530
  • Precision 3570
Default Status
unaffected
Versions
Affected
  • 1.13.2
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:23 Jun, 2023 | 11:15
Updated At:30 Jun, 2023 | 21:17

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>precision_3570>>-
cpe:2.3:h:dell:precision_3570:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>precision_3570_firmware>>Versions before 1.13.2(exclusive)
cpe:2.3:o:dell:precision_3570_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>latitude_5530>>-
cpe:2.3:h:dell:latitude_5530:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>latitude_5530_firmware>>Versions before 1.13.2(exclusive)
cpe:2.3:o:dell:latitude_5530_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarysecurity_alert@emc.com
CWE ID: CWE-287
Type: Primary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-clientsecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

328Records found
CVE-2024-22450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:08
Updated-31 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)alienware_command_center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22223
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:07
Updated-07 May, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22228
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.03%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:40
Updated-07 May, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22452
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.68%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:08
Updated-31 Jan, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-display_and_peripheral_managerDell Display and Peripheral Manager display_manager
CWE ID-CWE-264
Not Available
CVE-2022-33923
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.30% / 53.25%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 20:55
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstore_3200temc_powerstore_500temc_powerstore_9200temc_powerstore_5200t_firmwareemc_powerstore_1200t_firmwareemc_powerstore_9200t_firmwareemc_powerstore_500t_firmwareemc_powerstore_3200t_firmwareemc_powerstore_1200temc_powerstore_5200tPowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34384
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.08%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:03
Updated-26 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcscommand_updatesupportassist_for_home_pcsupdatealienware_updateSupportAssist Client Consumer
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-34459
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.14%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:28
Updated-27 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-49558
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.75%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:22
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-49600
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.15%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 14:56
Updated-04 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2024-48830
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.26%
||
7 Day CHG+0.01%
Published-17 Mar, 2025 | 16:56
Updated-14 Jul, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49564
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.86%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 01:31
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-47480
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.78%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 01:05
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorInventory Collector Client
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-37127
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:25
Updated-27 Aug, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37144
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 7.31%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 02:11
Updated-10 Dec, 2024 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-Dell Data LakehouseDell PowerFlex rackDell PowerFlex applianceDell PowerFlex custom nodeDell InsightIQ
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-37142
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.81%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:19
Updated-08 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5348
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.90%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.51%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-32853
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.16% / 37.90%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 07:03
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-21513
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-287
Improper Authentication
CVE-2021-21564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.07%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2021-21538
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-17 Sep, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2022-34379
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.4||CRITICAL
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-287
Improper Authentication
CVE-2021-21544
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:55
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-287
Improper Authentication
CVE-2010-0834
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-9.3||HIGH
EPSS-0.51% / 65.30%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Action-Not Available
Vendor-n/aUbuntuDell Inc.
Product-ubuntu_linuxlatitude_2110_netbookn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0695
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-70.62% / 98.63%
||
7 Day CHG~0.00%
Published-19 Jun, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

Action-Not Available
Vendor-n/aDell Inc.
Product-wyse_device_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-34372
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryCyber Recovery
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2018-1237
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.91%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 21:00
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

Action-Not Available
Vendor-Dell Inc.
Product-emc_scaleioScaleIO
CWE ID-CWE-287
Improper Authentication
CVE-2022-29083
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.96%
||
7 Day CHG+0.07%
Published-09 Aug, 2022 | 20:15
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5410xps_8940inspiron_5310inspiron_3470precision_7730_firmwarevostro_5510_firmwareprecision_3551optiplex_7470vostro_5491precision_7730optiplex_7770_firmwareprecision_3640_tower_firmwareinspiron_7610precision_3650_towervostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwarelatitude_7210_firmwareinspiron_5493precision_3550latitude_5510vostro_3888inspiron_7490vostro_3888_firmwareoptiplex_5070_firmwareinspiron_7610_firmwareprecision_7540wyse_5470vostro_3501_firmwarewyse_5070inspiron_3593_firmwareoptiplex_5080precision_3440inspiron_5494_firmwarelatitude_5511precision_3440_firmwarevostro_3070_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_7071vostro_5310inspiron_5510_firmwareprecision_3550_firmwarelatitude_9410_firmwarelatitude_7410vostro_15_7580_firmwareg5_5587_firmwarevostro_15_7580latitude_5411g7_7588_firmwareoptiplex_3070_firmwarelatitude_7410_firmwareprecision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_3780optiplex_7760_firmwarevostro_3681vostro_5491_firmwarelatitude_5410_firmwarechengming_3980_firmwarevostro_5090_firmwareinspiron_3780_firmwareinspiron_7490_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3120_firmwareinspiron_3470_firmwarelatitude_5591inspiron_3593optiplex_7070_ultraprecision_7740inspiron_3880_firmwareinspiron_5310_firmwareg5_5090latitude_7310_firmwareoptiplex_7071_firmwareoptiplex_5080_firmwareinspiron_3790_firmwarelatitude_9510inspiron_5493_firmwareoptiplex_5070inspiron_3480inspiron_3480_firmwareprecision_3930_rack_firmwareinspiron_3670g5_5000inspiron_3793_firmwareprecision_3430_tower_firmwarevostro_3681_firmwareoptiplex_5060_firmwarevostro_3580_firmwarelatitude_9510_firmwarevostro_3590precision_3640_toweroptiplex_3090_firmwarevostro_5510optiplex_7770optiplex_5270precision_7530_firmwareinspiron_5410latitude_9410latitude_5510_firmwareinspiron_3790optiplex_7070optiplex_7080_firmwarevostro_3670vostro_3583_firmwareinspiron_3670_firmwarelatitude_3190_firmwareinspiron_5410_firmwarelatitude_5310inspiron_5494inspiron_3501_firmwarevostro_5410_firmwareg3_3779_firmwareinspiron_5594latitude_7210inspiron_3880precision_3431_tower_firmwareoptiplex_3080_firmwareinspiron_5510precision_7550_firmwareprecision_3930_rackprecision_7550vostro_3490chengming_3991vostro_5591inspiron_3881vostro_5090latitude_3190optiplex_3080inspiron_3881_firmwarevostro_7510_firmwarelatitude_5591_firmwareinspiron_3501optiplex_5260latitude_5310_firmwarevostro_7510vostro_3070inspiron_3793inspiron_7510_firmwareprecision_3430_towerinspiron_3580_firmwarevostro_3501latitude_7310optiplex_5260_firmwarewyse_5070_firmwarechengming_3990vostro_3670_firmwarevostro_3583xps_8940_firmwarelatitude_5491_firmwarechengming_3990_firmwarevostro_5880_firmwarewyse_5470_all-in-one_firmwarelatitude_3120optiplex_3090vostro_3480inspiron_3493inspiron_5594_firmwarechengming_3980precision_3551_firmwarevostro_5410precision_7540_firmwareoptiplex_7070_ultra_firmwareoptiplex_7760optiplex_3060vostro_3401_firmwareoptiplex_5060inspiron_5593_firmwareoptiplex_7060vostro_3881inspiron_5593vostro_5310_firmwarewyse_5470_firmwareprecision_3630_towerg5_5587vostro_3470wyse_5470_all-in-oneg5_5090_firmwareinspiron_7510optiplex_3070inspiron_3493_firmwareprecision_3530_firmwarelatitude_3320optiplex_5270_firmwareprecision_7530precision_3240_compactprecision_7750_firmwareoptiplex_7470_firmwarevostro_3480_firmwareoptiplex_7460optiplex_xe3_firmwarevostro_3401chengming_3991_firmwareprecision_7750vostro_3580vostro_5880optiplex_7070_firmwareoptiplex_xe3latitude_3320_firmwareprecision_3650_tower_firmwareoptiplex_7060_firmwareinspiron_3580latitude_5491precision_3240_compact_firmwareg3_3579g3_3779precision_3630_tower_firmwarevostro_3470_firmwareoptiplex_7080vostro_5591_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-26870
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.16% / 37.81%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-26865
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.10%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoveryDell OS Recovery Tool
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-24422
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-47.94% / 97.64%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9
CWE ID-CWE-287
Improper Authentication
CVE-2020-5384
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.58%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-multifactor_authentication_agentRSA Authentication Agent for Microsoft Windows
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-23156
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.63%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-287
Improper Authentication
CVE-2023-44302
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:44
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_manager_dm5500_firmwarepowerprotect_data_manager_dm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-287
Improper Authentication
CVE-2023-32453
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 19:22
Updated-02 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9330inspiron_15_3511vostro_5510_firmwareinspiron_7500_firmwarevostro_5491optiplex_tower_plus_7010_firmwareinspiron_7610precision_3650_towerlatitude_rugged_7330chengming_3910_firmwarelatitude_3430_firmwareinspiron_5493optiplex_7410_all-in-oneprecision_7960_towerinspiron_24_5420_all-in-oneinspiron_3891_firmwarevostro_5890optiplex_3000g7_17_7700inspiron_7490inspiron_24_5421_all-in-onelatitude_7420_firmwareprecision_5860_tower_firmwareinspiron_7610_firmwarexps_13_7390_2-in-1_firmwarexps_13_9315inspiron_15_3511_firmwareoptiplex_5090_firmwareinspiron_3593_firmwareprecision_5470_firmwarelatitude_9330_firmwarevostro_3710_firmwareinspiron_7501inspiron_7300_2-in-1chengming_3911_firmwareg7_15_7500_firmwareprecision_7960_tower_firmwareoptiplex_3000_firmwareinspiron_3891latitude_3330xps_13_9305g3_3500xps_13_7390_2-in-1alienware_m18inspiron_7300_2-in-1_firmwareoptiplex_7090_firmwarevostro_3690g16_7620_firmwarevostro_3020_sff_firmwareprecision_3460_small_form_factor_firmwarevostro_3020_t_firmwarevostro_7500optiplex_7490_all-in-onelatitude_7320alienware_m15_r7g5_15_5500_firmwareoptiplex_7090latitude_9520precision_3660g7_17_7700_firmwarevostro_3910inspiron_14_5418_firmwarelatitude_7230_rugged_extreme_tablet_firmwarelatitude_3440latitude_7420inspiron_3020_desktoplatitude_rugged_7330_firmwarevostro_3020_tvostro_5491_firmwarelatitude_5430xps_13_7390inspiron_7490_firmwarelatitude_3530_firmwarelatitude_3400_firmwareinspiron_24_5420_all-in-one_firmwarevostro_3890chengming_3901_firmwareinspiron_3593inspiron_15_5518_firmwareoptiplex_tower_plus_7010inspiron_3511_firmwareprecision_5860_toweroptiplex_3000_thin_clientg7_15_7500inspiron_14_5410xps_13_9310_firmwarexps_13_7390_firmwareinspiron_5493_firmwarelatitude_3400latitude_7520_firmwarelatitude_5431vostro_3710optiplex_3000_thin_client_firmwarelatitude_5420optiplex_xe4_firmwareinspiron_3793_firmwareprecision_5470vostro_5890_firmwareoptiplex_micro_plus_7010latitude_3440_firmwareinspiron_3910_firmwareg15_5520_firmwarelatitude_3530inspiron_15_5510optiplex_small_form_factor_plus_7010precision_3470_firmwareinspiron_3511vostro_5510xps_13_9305_firmwarelatitude_rugged_5430_firmwarexps_13_9310inspiron_5410optiplex_7400_all-in-onevostro_3020_sffvostro_3510_firmwareoptiplex_7000chengming_3901latitude_3340_firmwareinspiron_5410_firmwarealienware_m16latitude_3540_firmwareinspiron_15_5510_firmwarevostro_5410_firmwarelatitude_5431_firmwarelatitude_3301inspiron_27_7720_all-in-one_firmwarexps_13_9300g3_3500_firmwareg16_7620precision_3450chengming_3900latitude_3500_firmwarechengming_3900_firmwarexps_15_9520_firmwareprecision_5680_firmwareoptiplex_7490_all-in-one_firmwarevostro_5591precision_3260_xe_compact_firmwareprecision_3260_xe_compactinspiron_7501_firmwareprecision_3660_firmwareoptiplex_5400_all-in-one_firmwarechengming_3910inspiron_7500_2-in-1_blacklatitude_3330_firmwarexps_13_9315_firmwarevostro_7510_firmwarelatitude_3140latitude_3500vostro_7510xps_13_9300_firmwareinspiron_3793precision_5570_firmwareinspiron_3910inspiron_27_7720_all-in-oneinspiron_7510_firmwarelatitude_rugged_5430latitude_7520optiplex_7400_all-in-one_firmwareprecision_5570vostro_3890_firmwareinspiron_7500_2-in-1_black_firmwareprecision_3450_firmwareinspiron_14_5410_firmwareprecision_3460_small_form_factorinspiron_7500optiplex_micro_plus_7010_firmwarealienware_m16_firmwareprecision_3460_xe_small_form_factorprecision_3470latitude_7320_firmwareoptiplex_5490_all-in-onexps_15_9520inspiron_3493latitude_3340vostro_5410g5_15_5500inspiron_3020_small_desktop_firmwarelatitude_7230_rugged_extreme_tabletlatitude_5430_firmwareoptiplex_small_form_factor_plus_7010_firmwareinspiron_5593_firmwareoptiplex_5000_firmwareoptiplex_7410_all-in-one_firmwareinspiron_5593latitude_5420_firmwareinspiron_3020_desktop_firmwareoptiplex_5000inspiron_7510inspiron_3493_firmwareprecision_3260_compact_firmwareoptiplex_5400_all-in-onelatitude_3320vostro_3910_firmwareprecision_3460_xe_small_form_factor_firmwarechengming_3911latitude_3540xps_13_9310_2-in-1_firmwarealienware_m18_firmwareinspiron_3020_small_desktopprecision_5680precision_3260_compactalienware_m15_r7_firmwareinspiron_14_5418inspiron_24_5421_all-in-one_firmwarelatitude_3430g15_5520optiplex_7000_firmwarelatitude_3301_firmwarelatitude_3320_firmwareprecision_3650_tower_firmwarelatitude_3140_firmwarelatitude_9520_firmwareoptiplex_5490_all-in-one_firmwarevostro_3510vostro_3690_firmwarexps_13_9310_2-in-1optiplex_5090inspiron_15_5518optiplex_xe4vostro_5591_firmwarevostro_7500_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-36350
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.37%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2021-36308
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2021-36306
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-287
Improper Authentication
CVE-2006-2113
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-2.35% / 84.26%
||
7 Day CHG~0.00%
Published-25 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Action-Not Available
Vendor-fuji_xeroxn/aDell Inc.
Product-docuprint_181_network_option_card3000cnfuji_xerox_printing_systems_print_enginedocuprint_c830_network_option_carddocuprint_211docuprint_c1616_network_option_card3100cn3110cndocuprint_c525a_network_option_carddocuprint_1815110cnphaser_6201jdocuprint_c1616docuprint_c830docuprint_211_network_option_carddocuprint_c2535a3010cndocuprint_c525a5100cnn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-4783
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.83% / 89.10%
||
7 Day CHG-0.58%
Published-08 Jul, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

Action-Not Available
Vendor-n/aDell Inc.
Product-idrac6_bmcn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-36346
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-1.22% / 78.21%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

Action-Not Available
Vendor-Dell Inc.
Product-integrated_dell_remote_access_controller_8_firmwareintegrated_dell_remote_access_controller_8Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2017-8023
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-17.99% / 94.91%
||
7 Day CHG~0.00%
Published-01 Apr, 2019 | 20:54
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EMC Networker Remote Code Execution Vulnerability

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetworker
CWE ID-CWE-287
Improper Authentication
CVE-2025-26475
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.24%
||
7 Day CHG+0.01%
Published-19 Mar, 2025 | 15:13
Updated-20 May, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-287
Improper Authentication
CVE-2025-22477
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2021-21502
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2018-1987
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 11.10%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 14:10
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.

Action-Not Available
Vendor-IBM Corporation
Product-data_protectionSpectrum Protect for Enterprise Resource Planning
CWE ID-CWE-287
Improper Authentication
CVE-2021-25315
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.95%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 09:55
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
salt-api unauthenticated remote code execution

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Action-Not Available
Vendor-saltstackopenSUSESUSE
Product-tumbleweedsuse_linux_enterprise_serversaltTumbleweedSUSE Linux Enterprise Server 15 SP 3
CWE ID-CWE-287
Improper Authentication
CVE-2018-16877
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.43%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Action-Not Available
Vendor-clusterlabsClusterLabsDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxpacemakerdebian_linuxenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusleappacemaker
CWE ID-CWE-287
Improper Authentication
CVE-2022-32570
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Pro and Standard edition software
CWE ID-CWE-287
Improper Authentication
CVE-2022-33242
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.54%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authentication in Qualcomm IPC

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_8cx_gen3_firmwaresa6150p_firmwareqcs610qca6431_firmwarewcn3950_firmwaresc8180x\+sdx55sa8150p_firmwareqcs2290qca6595au_firmwaresa6155sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998wcd9371_firmwareqam8295pwcn3950sm4125sd720gsd_8cx_gen2_firmwaresd_8_gen1_5g_firmwarewcn3660bqsm8350_firmwaresd710_firmwareqsm8350sd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaresa6155_firmwareqca6420sd680_firmwarewcn3999sd_8cx_gen2qrb5165_firmwareqrb5165m_firmwareqca6698aqqcs6125sa4155p_firmwaresa8155_firmwaresd662_firmwareqcs405qca6430wcd9340sd765gsw5100sd680qca6436wcn6851sa6155pqcs603_firmwarewcn7851_firmwareqca6698aq_firmwarewcd9341qca6431qca6696_firmwarewcd9371sd870_firmwaresd750gwcn3910_firmwaresxr2150p_firmwaresd_8cxsa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresnapdragon_4_gen_1sd712wcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresa8295p_firmwarewcn3610wcn3991sda429w_firmwarewcd9380_firmwaressg2125psdm429wsw5100pqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574wcd9380qcs410sd690_5g_firmwaresdx50m_firmwaresxr1230pqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qcm4325_firmwareqcs605wcd9340_firmwarewsa8815wcn6850sd7cwcn3910qca6426_firmwarewcn3660b_firmwaresd695qca9984wcn3980_firmwaresd730sdx55mqcc5100_firmwaresa8295pqca6421_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwareqrb5165wcn6851_firmwareqcs603sd670sd_636_firmwareqca6564a_firmwareqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwaresa8540pqcs610_firmwareqsm8250sa6145psd695_firmwaresdxr1ar8031qca6595_firmwareqcs405_firmwaresa8145psdm630_firmwareqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresd780g_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675ssg2115p_firmwareqcs8155_firmwaresa4155psxr2150par8035_firmwareqsm8250_firmwareqcm2290wcn3991_firmwaremdm9150_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwaresd7c_firmwaresnapdragon_4_gen_1_firmwaresd_636csra6620qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwaressg2115pqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqca9984_firmwaresd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwaresd662qam8295p_firmwareqcn9011_firmwaresa8155sa9000p_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwareqcs8155wcn7851sd429sa515m_firmwareqcs6490sdxr2_5gsdm630sa415m_firmwarewcn3988_firmwareqcn9074sd429_firmwaresa6145p_firmwareqca6421sd778g_firmwaresm6250sd712_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335sg4150pqcs4290_firmwarewcd9385qcs6490_firmwaresd_8cx_gen3qca6390wcd9375sd750g_firmwareaqt1000ar8035sc8180x\+sdx55_firmwaresm6250_firmwaresda429wwcn3620_firmwarewsa8815_firmwaresd888_5g_firmwareqcm6490wcn6850_firmwarewsa8835_firmwarewcn3620qca6564asa4150psg4150p_firmwareqcm6125_firmwareqcm4325qcm2290_firmwarewcn3990sd_675sd780gsd865_5gqca6595qcc5100qcn9012sd888wsa8835sxr1230p_firmwaresdm429w_firmwaresd665_firmwaresa8540p_firmwaresd888_5gssg2125p_firmwareqca6574awcn6855_firmwaresm7325pwcn6750sa515msa9000pqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwareqrb5165msm7315sd460qca6391sdxr1_firmwareaqt1000_firmwareqcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresd480_firmwareqcn9011sd_455qca6574ausd710sa8155p_firmwarewcd9341_firmwareqcm6125wsa8810mdm9150wcn6856wcn3680bqca6564_firmwaresd768gwcn6740qca6696sa6150psm7250psd720g_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragonwcn3991_firmwaresd_8cx_gen3_firmwaremdm9150_firmwaresa6150p_firmwaresa8145p_firmwareqcs2290_firmwareqca6431_firmwaresd7c_firmwaresnapdragon_4_gen_1_firmwarewcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwaresd730_firmwaresd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcs6125_firmwarewcn3990_firmwareqrb5165n_firmwareqca9984_firmwaresd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwaresd_8cx_gen2_firmwarewcd9326_firmwarewcd9385_firmwaresd_8_gen1_5g_firmwareqsm8350_firmwaresd710_firmwaresd460_firmwareqam8295p_firmwareqcn9011_firmwaresa9000p_firmwaresm7315_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwarewcd9375_firmwaresa6155_firmwarewcn3998_firmwarewcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqca6564au_firmwaresd680_firmwaresa6155p_firmwaresa515m_firmwareqrb5165_firmwareqrb5165m_firmwaresa4155p_firmwaresa8155_firmwaresd662_firmwaresa415m_firmwarewcn3988_firmwaresa6145p_firmwaresd429_firmwaresd712_firmwaresd778g_firmwarewsa8810_firmwaresd765_firmwareqcs603_firmwarewcn7851_firmwareqca6698aq_firmwareqcs4290_firmwareqca6696_firmwareqcs6490_firmwaresd870_firmwarewcn3910_firmwaresxr2150p_firmwaresd750g_firmwaresm6250_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3620_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwaresd660_firmwarewcn7850_firmwarewsa8835_firmwaresa8195p_firmwaresa8295p_firmwarewcn6750_firmwaresg4150p_firmwareqcm6125_firmwareqcm2290_firmwaresda429w_firmwarewcd9380_firmwaresdx55m_firmwarewcn6856_firmwaresd670_firmwaresxr1230p_firmwaresdm429w_firmwaresd665_firmwaresa8540p_firmwaressg2125p_firmwaresd690_5g_firmwaresdx50m_firmwarewcn6855_firmwareqca6430_firmwareqcn9012_firmwarewcd9335_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd768g_firmwarewcn3980_firmwaresdxr1_firmwareqcc5100_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwareqcm6490_firmwarewsa8832_firmwaresd480_firmwarewcn6851_firmwaresa8155p_firmwaresd_636_firmwareqca6564a_firmwarewcd9341_firmwareqcm4290_firmwaresw5100p_firmwareqcs610_firmwareqca6564_firmwaresd695_firmwareqca6595_firmwareqcs405_firmwaresdm630_firmwareqca6391_firmwaresa4150p_firmwaresd780g_firmwarewcd9370_firmwaresd888_firmwaresd720g_firmwaressg2115p_firmwareqcs8155_firmwareqcn9074_firmwareqcs410_firmwaresw5100_firmwarear8035_firmwareqsm8250_firmware
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found