ByteOS Network

Type	CWE ID	Description
CWE	CWE-274	CWE-274: Improper Handling of Insufficient Privileges

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities	vendor-advisory

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities	vendor-advisory x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-274	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities	security_alert@emc.com	Vendor Advisory

CVE-2023-28050

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.06%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:25

Updated-07 Nov, 2024 | 21:09

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25940

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.48%

||

7 Day CHG~0.00%

Published-04 Apr, 2023 | 10:14

Updated-11 Feb, 2025 | 17:04

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2023-25936

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.06%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 08:56

Updated-08 Nov, 2024 | 16:10

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25937

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.06%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:40

Updated-08 Nov, 2024 | 14:06

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25938

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.23%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:13

Updated-07 Nov, 2024 | 21:31

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2019-18576

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.12% / 31.49%

||

7 Day CHG~0.00%

Published-13 Mar, 2020 | 20:30

Updated-16 Sep, 2024 | 17:58

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

Vendor-Dell Inc.

Product-xtremio_management_server XtremIO

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2019-18577

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 28.95%

||

7 Day CHG~0.00%

Published-13 Mar, 2020 | 20:30

Updated-16 Sep, 2024 | 18:48

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

Vendor-Dell Inc.

Product-xtremio_management_server XtremIO

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2022-31239

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.13% / 32.90%

||

7 Day CHG~0.00%

Published-21 Oct, 2022 | 18:05

Updated-07 May, 2025 | 15:53

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2022-34413

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.53%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:35

Updated-26 Feb, 2025 | 15:56

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34423

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.53%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 12:21

Updated-26 Feb, 2025 | 15:24

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34438

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.94%

||

7 Day CHG~0.00%

Published-21 Oct, 2022 | 18:05

Updated-07 May, 2025 | 16:15

Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-269

Improper Privilege Management

CVE-2022-34422

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.53%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:58

Updated-26 Feb, 2025 | 15:25

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34454

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.07% / 20.86%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 09:48

Updated-24 Mar, 2025 | 18:35

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-36323

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 11.00%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 02:02

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36318

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 18.92%

||

7 Day CHG~0.00%

Published-21 Dec, 2021 | 17:05

Updated-17 Sep, 2024 | 02:10

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.

Vendor-Dell Inc.

Product-emc_avamar_server Avamar

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-36325

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 11.00%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 20:31

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36290

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 30.43%

||

7 Day CHG~0.00%

Published-08 Apr, 2022 | 19:50

Updated-16 Sep, 2024 | 16:53

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Vendor-Dell Inc.

Product-vnxe1600 vnx5600 vnx5400 vnx5800 vnx_vg10 emc_unity_operating_environment vnx5200 vnx_vg50 vnx7600 vnx8000 VNX2

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-36342

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 11.00%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 18:34

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2024-32854

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 28.58%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:08

Updated-02 Aug, 2024 | 02:20

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-38296

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 5.82%

||

7 Day CHG~0.00%

Published-22 Nov, 2024 | 02:58

Updated-04 Feb, 2025 | 16:05

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Vendor-Dell Inc.

Product-edge_gateway_5200 intel_management_engine_firmware_update_utility edge_gateway_3200 Edge Gateway 5200 edge_gateway_5200_firmware

CWE ID-CWE-1421

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

CVE-2024-39579

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.27%

||

7 Day CHG~0.00%

Published-31 Aug, 2024 | 07:40

Updated-03 Sep, 2024 | 20:57

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2024-39574

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.33%

||

7 Day CHG~0.00%

Published-10 Sep, 2024 | 09:01

Updated-16 Sep, 2024 | 15:59

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Vendor-Dell Inc.

Product-insightiq PowerScale InsightIQ powerscale_insightiq

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-37126

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 19.12%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:28

Updated-02 Aug, 2024 | 03:50

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-37132

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.26%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:14

Updated-02 Aug, 2024 | 03:50

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2024-37134

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 17.77%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:24

Updated-02 Aug, 2024 | 03:50

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2024-53292

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.02% / 4.09%

||

7 Day CHG~0.00%

Published-11 Dec, 2024 | 07:55

Updated-04 Feb, 2025 | 16:16

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

Vendor-Dell Inc.

Product-vxrail_hyperconverged_infrastructure Dell VxRail HCI

CWE ID-CWE-256

Plaintext Storage of a Password

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2024-52537

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.01% / 2.12%

||

7 Day CHG~0.00%

Published-11 Dec, 2024 | 07:26

Updated-04 Feb, 2025 | 16:13

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor-Dell Inc.Linux Kernel Organization, Inc Microsoft Corporation

Product-windows dock_wd19_firmware_update_utility linux_kernel dock_wd22tb4_firmware_update_utility dock_hd22q_firmware_update_utility Dell Client Platform BIOS

CWE ID-CWE-61

UNIX Symbolic Link (Symlink) Following

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2020-5363

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.6||HIGH

EPSS-0.05% / 14.48%

||

7 Day CHG~0.00%

Published-10 Jun, 2020 | 20:40

Updated-16 Sep, 2024 | 20:53

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

CWE ID-CWE-158

Improper Neutralization of Null Byte or NUL Character

CVE-2020-29501

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 6.68%

||

7 Day CHG~0.00%

Published-05 Jan, 2021 | 21:40

Updated-16 Sep, 2024 | 16:43

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_powerstore emc_powerstore_firmware PowerStore

CWE ID-CWE-312

Cleartext Storage of Sensitive Information

CVE-2022-34406

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.53%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:00

Updated-26 Feb, 2025 | 18:58

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-45101

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-2.20% / 83.76%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:41

Updated-26 Mar, 2025 | 20:22

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-274

Improper Handling of Insufficient Privileges

CWE ID-CWE-269

Improper Privilege Management

CVE-2022-23160

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.4||MEDIUM

EPSS-0.10% / 28.79%

||

7 Day CHG~0.00%

Published-12 Apr, 2022 | 17:50

Updated-17 Sep, 2024 | 02:31

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-274

Improper Handling of Insufficient Privileges

CWE ID-CWE-269

Improper Privilege Management

CVE-2025-20177

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.02% / 3.28%

||

7 Day CHG~0.00%

Published-12 Mar, 2025 | 16:13

Updated-06 Aug, 2025 | 17:04

Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Vendor-Cisco Systems, Inc.

Product-8201-32fh-o 8501-sys-mt 8700 8122-64ehf-o ncs_540-12z20g-sys-a 8011-4g24y4h-i 8101-32fh-o ncs_540-fh-csr-sys ncs_540x-8z16g-sys-d 8202 ncs_1014 8404 8101-32fh ncs_540x-16z8q2c-d 8818 ncs_57c1-48q6-sys ncs_540-6z14s-sys-d ncs_540x-acc-sys ios_xr ncs_540x-6z18g-sys-a 8804 8111-32eh-o ncs_540x-8z16g-sys-a 8102-64h ncs_540x-6z18g-sys-d 8122-64eh-o 8712-mod-m ncs_57b1-6d24-sys ncs_540x-16z4g8q2c-a ncs_540x-12z16g-sys-d ncs_540-6z18g-sys-a ncs_540-24z8q2c-sys ncs_540-12z20g-sys-d 8212-48fh-m ncs_540-fh-agg ncs_540-24q2c2dd-sys ncs_540x-12z16g-sys-a ncs_540x-4z14g2q-d ncs_57c3-mod-sys 8102-64h-o 8201-32fh ncs_540-24q8l2dd-sys 8812 8201-24h8fh 8201 ncs_540-28z4c-sys-d 8808 ncs_1010 ncs_540x-16z4g8q2c-d 8608 8711-32fh-m ncs_540-acc-sys ncs_540x-4z14g2q-a ncs_540-6z18g-sys-d ncs_540-28z4c-sys-a ncs_57d2-18dd-sys 8202-32fh-m ncs_57b1-5dse-sys 8101-32h-o 8102-28fh-dpu-o Cisco IOS XR Software

CWE ID-CWE-274

Improper Handling of Insufficient Privileges

CVE-2023-32494

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs