Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-44285

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-14 Dec, 2023 | 15:31
Updated At-02 Aug, 2024 | 19:59
Rejected At-
Credits

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:14 Dec, 2023 | 15:31
Updated At:02 Aug, 2024 | 19:59
Rejected At:
▼CVE Numbering Authority (CNA)

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerProtect DD
Default Status
unaffected
Versions
Affected
  • Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110
Problem Types
TypeCWE IDDescription
CWECWE-1220CWE-1220: Insufficient Granularity of Access Control
Type: CWE
CWE ID: CWE-1220
Description: CWE-1220: Insufficient Granularity of Access Control
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Dell Technologies would like to thank Jens Krüger from SAP for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:14 Dec, 2023 | 16:15
Updated At:27 Dec, 2023 | 19:30

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>powerprotect_data_protection>>Versions before 2.7.6(exclusive)
cpe:2.3:a:dell:powerprotect_data_protection:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>dp4400>>-
cpe:2.3:h:dell:dp4400:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dp5900>>-
cpe:2.3:h:dell:dp5900:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>apex_protection_storage>>Versions before 6.2.1.110(exclusive)
cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>apex_protection_storage>>Versions from 7.0(inclusive) to 7.10.1.15(exclusive)
cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain>>Versions before 6.2.1.110(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain>>Versions from 7.0(inclusive) to 7.12.0.0(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions before 6.2.1.110(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions from 7.0(inclusive) to 7.13.0.10(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions before 6.2.1.110(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions from 7.0(inclusive) to 7.12.0.0(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions from 7.7(inclusive) to 7.7.5.25(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions from 7.10(inclusive) to 7.10.1.15(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions from 7.7(inclusive) to 7.7.5.25(exclusive)
cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions from 7.10(inclusive) to 7.10.1.15(exclusive)
cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:*
Dell Inc.
dell
>>dd3300>>-
cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd6400>>-
cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd6900>>-
cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd9400>>-
cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd9900>>-
cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-1220Secondarysecurity_alert@emc.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1220
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

227Records found
CVE-2024-53295
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.79%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 04:12
Updated-07 Feb, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2025-21107
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.91%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 09:15
Updated-07 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationDell Inc.
Product-linux_kernelwindowsnetworkerNetWorker
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2026-23856
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 01:46
Updated-13 Feb, 2026 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-iDRAC Service Module for LinuxiDRAC Service Module
CWE ID-CWE-284
Improper Access Control
CVE-2020-26191
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26192
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-26193
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26181
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-22277
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 08:27
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-UnityVSA
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-21418
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 08:38
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26194
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-39256
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.53%
||
7 Day CHG~0.00%
Published-02 Dec, 2023 | 04:18
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.

Action-Not Available
Vendor-Dell Inc.
Product-rugged_control_centerRugged Control Center (RCC)
CWE ID-CWE-284
Improper Access Control
CVE-2021-36311
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 10.74%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-285
Improper Authorization
CVE-2021-36339
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:15
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxvasasolutions_enabler_virtual_appliancepowermax_ossolutions_enablerunisphere_360Solutions Enabler vApp
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-36340
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.57%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-23 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Application
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36289
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36276
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.16%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-dbutildrv2.sys_firmwaredbutil
CWE ID-CWE-285
Improper Authorization
CVE-2024-53289
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:40
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-36279
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36297
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.37%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-36277
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_center_applicationcommand_\|_updateupdate\/alienware_updateAlienware Command Center (AWCC)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-48830
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.01%
||
7 Day CHG-0.02%
Published-17 Mar, 2025 | 16:56
Updated-14 Jul, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49560
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:17
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49565
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:28
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49561
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.04%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:35
Updated-08 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49563
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:35
Updated-08 Jul, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.55%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:26
Updated-15 Nov, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49558
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.05%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:22
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-47978
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.91%
||
7 Day CHG-0.02%
Published-25 Dec, 2024 | 14:57
Updated-29 Jan, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-nativeedge_orchestratorNativeEdge
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-47480
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.30%
||
7 Day CHG+0.01%
Published-18 Dec, 2024 | 01:05
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorInventory Collector Client
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-47476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 09:59
Updated-03 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-networker_management_consoleNetWorker Management Consolenetworker_management_console
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-21561
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.57%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21546
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.70%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21503
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.75%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:44
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21545
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 19:50
Updated-16 Sep, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21601
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.23%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_data_protection_searchData Protection Search
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21551
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-62.65% / 98.33%
||
7 Day CHG~0.00%
Published-04 May, 2021 | 15:15
Updated-28 Oct, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-xps_13_9370latitude_7210_2_in_1wyse_5470inspiron_7391_2-in-1precision_7540latitude_5280_mobile_thin_clientoptiplex_7460_all-in-onevostro_5300inspiron_3493inspiron_7386latitude_5310latitude_3301precision_3541vostro_14_5468xps_9530precision_3530inspiron_5348optiplex_5260_all-in-oneinspiron_3847inspiron_7786vostro_3480inspiron_3647inspiron_5770inspiron_5480latitude_e7270_mobile_thin_clientwyse_5070vostro_3501inspiron_14-5459inspiron_5300optiplex_7450_all-in-onelatitude_12_rugged_tablet_7212vostro_5880inspiron_3442optiplex_3080precision_t1700latitude_rugged_5424vostro_5391latitude_e6430_atglatitude_3300optiplex_3090_ultralatitude_5401latitude_7400_2in1vostro_3580chengming_3991latitude_5420inspiron_14-3452latitude_5500precision_t3610latitude_5410inspiron_one_2020vostro_1450latitude_5300inspiron_3168vostro_14_5471inspiron_660vostro_3591latitude_5280optiplex_390precision_7530inspiron_17_5767optiplex_5050inspiron_3580inspiron_7586latitude_5590latitude_3550latitude_3390optiplex_5040precision_3930_rackg7_7500cheng_ming_3967inspiron_7490latitude_7285latitude_e7270latitude_e7450optiplex_5480_aioprecision_5820_towerinspiron_17-5759precision_7740latitude_e6440inspiron_1545latitude_7389vostro_3900inspiron_3671latitude_3560inspiron_5402latitude_e7440alienware_m17xr4vostro_3491vostro_5502latitude_3490inspiron_5494vostro_3668latitude_5288inspiron_5323inspiron_3881inspiron_3490optiplex_3050_aioinspiron_15zprecision_m6600canvas_27vostro_7500latitude_e6330chengming_3988g7_7590inspiron_5521latitude_14_rugged_5414optiplex_5250_all-in-oneoptiplex_7480_aiovostro_5490vostro_5090latitude_3480inspiron_5485_2-in-1vostro_20_3055inspiron_7737latitude_7420vostro_3471precision_7920_towerinspiron_5408latitude_3570xps_8940inspiron_3581precision_5540latitude_e5570vostro_3660xps_15_9500latitude_12_rugged_extreme_7214vostro_5491latitude_5520vostro_3890precision_m4700xps_13_9300inspiron_3043xps_9550vostro_5410g5_5500inspiron_15_5566inspiron_14_7460inspiron_7300gaming_g3_3590latitude_3120inspiron_5400_2-in-1precision_t7500alienware_asm100precision_7710vostro_3401inspiron_7520alienware_17_51m_r2inspiron_3481vostro_3681precision_3620_towerinspiron_1210thunderbolt_dock_tb18dclatitude_xt3latitude_5550precision_7550alienware_m14xr2inspiron_2330latitude_14_rugged_extreme_7404thunderbolt_dock_tb16latitude_5289inspiron_5576xps_15_9575_2-in-1vostro_5480inspiron_3157inspiron_3471g5_5000inspiron_5590latitude_3189inspiron_11-3162alienware_m15_r4inspiron_3268inspiron_15_5567inspiron_5443latitude_14_rugged_extreme_7414xps_13_9310xps_13_9365_2-in-1g5_5090latitude_e5540optiplex_5060inspiron_3880optiplex_xe2inspiron_7501latitude_5290latitude_3400precision_3430_xlinspiron_7591_2-in-1precision_m4600xps_one_2710inspiron_5520inspiron_3593optiplex_3070latitude_e5440vostro_3500optiplex_3240_all-in-onelatitude_5175vostro_3470vostro_5481inspiron_3543latitude_e6320xps_13_9343inspiron_7472precision_17_m5750inspiron_14_gaming_7466latitude_3190_2-in-1latitude_e7250vostro_3888inspiron_15_7572inspiron_7500_2-in-1_blackvostro_230inspiron_7359inspiron_3668precision_t5610vostro_5501latitude_e5430precision_3550wyse_7040_thin_clientlatitude_7290optiplex_7071vostro_3400chengming_3977inspiron_5570optiplex_9010vostro_3901inspiron_3790inspiron_7368vostro_5581inspiron_13_5370latitude_3480_mobile_thin_clientlatitude_7390inspiron_7537optiplex_9030_aioinspiron_5491_2-in-1inspiron_7300_2-in-1vostro_3252vostro_5390latitude_rugged_extreme_7424g15_5510inspiron_1564optiplex_5055_a-serialprecision_3431_towerprecision_t7810vostro_3010vostro_3267latitude_e5420inspiron_5676inspiron_7558latitude_rugged_extreme_tablet_7220latitude_3190xps_17_9700inspiron_5584optiplex_7760_aiolatitude_e6540inspiron_7500optiplex_3046xps_7590dock_wd19precision_3520optiplex_7040precision_5510inspiron_7706_2-in-1latitude_5300_2-in-1precision_3440vostro_3583inspiron_5598precision_t5600optiplex_xe3inspiron_7791optiplex_fx130precision_t5500xps_13_9360inspiron_5548latitude_5285inspiron_5749vostro_13_5370precision_t3600latitude_5511vostro_15_3561g3_3500precision_3630_towervostro_5401alienware_14latitude_5285_2-in-1latitude_5480precision_3640vostro_2521inspiron_660slatitude_7310inspiron_5498latitude_5400inspiron_7580g5_5587inspiron_one_19precision_5530latitude_7490optiplex_7770_aioinspiron_5481_2-in-1inspiron_5482latitude_3410optiplex_9020xps_9350vostro_3800inspiron_5591_2-in-1latitude_e5270g3_3579latitude_e6230inspiron_3781inspiron_20-3052precision_7820_towervostro_15_7570vostro_20_3052inspiron_5583optiplex_7050precision_t7610latitude_3460_wyse_tclatitude_5250inspiron_7548vostro_3581latitude_9510latitude_rugged_5420optiplex_7090_ultralatitude_3590inspiron_3252precision_r5500inspiron_7591precision_3420_towerg7_7790embedded_box_pc_5000vostro_5591vostro_5590optiplex_5055_ryzen_cpuinspiron_15_gaming_7577inspiron_7790vostro_3481inspiron_24-3452precision_7720inspiron_24-3455inspiron_3646inspiron_3670inspiron_15_gaming_7567optiplex_7070_ultraprecision_7510inspiron_3780xps_15_9570vostro_3690inspiron_14_5468optiplex_5055_ryzen_apulatitude_e7470latitude_3150alienware_m18xr2precision_3240_cffinspiron_3584optiplex_7080vostro_270precision_t5810xps_15_9560optiplex_5055vostro_3584inspiron_1122inspiron_7306_2-in-1dock_wd15inspiron_7391optiplex_7020inspiron_5490_aiovostro_3905inspiron_5409inspiron_15-5559optiplex_5080inspiron_5401precision_5520precision_m6700inspiron_3520latitude_5490precision_3510precision_5530_2-in-1xps_8900xps_13_9310_2-in-1precision_t7910latitude_3500vostro_3490precision_7520optiplex_3020precision_3560inspiron_5423optiplex_3030_aiovostro_1550vostro_3671xps_12_9250inspiron_7590_2-in-1inspiron_7746latitude_12_7285inspiron_5448vostro_15_5568latitude_e5470optiplex_790precision_3540latitude_7275optiplex_7010latitude_3580precision_t3500inspiron_15_gaming_7566optiplex_990precision_3430_towerchengming_3980latitude_rugged_7424vostro_220slatitude_3470vostro_5301latitude_5310_2-in-1vostro_3070inspiron_5501latitude_5200xps_13_7390_2-in-1xps_27_7760latitude_3310_2-in-1inspiron_5491_aiolatitude_7480inspiron_5400_aioinspiron_5493inspiron_7437optiplex_fx170alienware_asm100r2latitude_7410xps_13_9380inspiron_15-3552inspiron_3443inspiron_5509latitude_5320precision_5820_xl_toweroptiplex_3040inspiron_3470latitude_7520inspiron_5406_2-in-1optiplexlatitude_3380g7_7700inspiron_3793inspiron_5301inspiron_3891vostro_3902inspiron_15-5565vostro_3900ginspiron_3437inspiron_5490inspiron_3583latitude_9410latitude_3340optiplex_7070inspiron_3542inspiron_620inspiron_5391latitude_e6220chengming_3990vostro_15_7580latitude_3350precision_5550inspiron_3421vostro_3560inspiron_7380latitude_5290_2-in-1latitude_7400precision_7730vostro_5890g3_3779latitude_7350inspiron_3048inspiron_3655inspiron_3501inspiron_5537latitude_3180latitude_7200_2-in-1vostro_3669vostro_3670vostro_3881inspiron_3480latitude_e5530wyse_5470_all-in-oneinspiron_5577precision_7820_xl_towerinspiron_580soptiplex_7060latitude_3450alienware_area_51latitude_5495latitude_5488inspiron_15_7560inspiron_3521optiplex_7440_aioinspiron_5390inspiron_3537inspiron_5594vostro_14-5459inspiron_7506_2-in-1latitude_3160inspiron_3656optiplex_3050latitude_5501inspiron_5508latitude_5580vostro_260xps_13_9305inspiron_7590xps_13_7390optiplex_3280_aioinspiron_24-5475latitude_7370precision_7920_xl_toweroptiplex_5070optiplex_5270_aiolatitude_5450latitude_5179optiplex_3011_aiolatitude_5510inspiron_7559latitude_7390_2-in-1optiplex_3010precision_7750vostro_7590precision_5720_aiovostro_14_3458inspiron_14_gaming_7467latitude_7280latitude_e6530vostro_3667optiplex_3060inspiron_7720latitude_3510vostro_270sinspiron_3147g5_5590latitude_3460inspiron_3590g7_7588latitude_3310latitude_rugged_extreme_tablet_7220exlatitude_7380vostro_14-3446vostro_3590inspiron_5737inspiron_5580inspiron_5593latitude_5411precision_3930_xl_racklatitude_3330latitude_e7240latitude_3440optiplex_780inspiron_5543chengming_3967inspiron_7700optiplex_7780_aiovostro_3268inspiron_7500_2-in-1_silverinspiron_7390latitude_5491inspiron_15_5582_2-in-1vostro_470vostro_5402inspiron_7400latitude_7300latitude_5591precision_3551xps_8700latitude_7320precision_t7600latitude_e7270_wyse_tcdbutilinspiron_5502latitude_e6430dbutildbutil Driver
CWE ID-CWE-782
Exposed IOCTL with Insufficient Access Control
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21535
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.03% / 9.57%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21531
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxsolutions_enabler_virtual_appliancepowermax_ossolutions_enablerUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2021-21567
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.92%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-37129
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:47
Updated-13 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorDell Inventory Collectorsupportassist_for_business_pcscommand_updatesupportassist_for_home_pcsupdatealienware_update
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37127
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:25
Updated-27 Aug, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37142
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:19
Updated-08 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37130
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 01:34
Updated-09 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administratoropenmanage_server_administrator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-25543
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.35%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 06:31
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-5316
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.41%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-5385
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-5342
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.22%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 19:45
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (Cirrus)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-5343
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.63%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_image_for_microsoft_windows_10CPG SW
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found