Byte Open Security

Vulnerability Details :

CVE-2024-0172

Summary
Assigner: dell
Assigner Org ID: c550e75a-17ff-4988-97f0-544cde3820fe
Published At: 03 Apr, 2024 | 09:09
Updated At: 20 Aug, 2024 | 20:30

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: dell
Assigner Org ID: c550e75a-17ff-4988-97f0-544cde3820fe
Published At: 03 Apr, 2024 | 09:09
Updated At: 20 Aug, 2024 | 20:30
CVE Numbering Authority (CNA)

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Affected Products
Vendor: Dell Inc. (Dell)
Product: PowerEdge Platform
Default Status: unaffected
Versions
Affected
  • From N/A before 1.5.6 (semver)
  • From N/A before 1.1.3 (semver)
  • From N/A before 1.1.4 (semver)
  • From N/A before 1.2.5 (semver)
  • From N/A before 1.3.6 (semver)
  • From N/A before 1.4.6 (semver)
  • From N/A before 1.11.2 (semver)
  • From N/A before 1.7.3 (semver)
  • From N/A before 1.12.1 (semver)
  • From N/A before 2.12.4 (semver)
  • From N/A before 2.19.1 (semver)
  • From N/A before 2.19.0 (semver)
  • From N/A before 2.14.1 (semver)
  • From N/A before 1.20.0 (semver)
Problem Types
Type: CWE
CWE ID: CWE-269
Description: CWE-269: Improper Privilege Management
Metrics
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Resource: vendor-advisory
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Resource: vendor-advisory, x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor (all entries): Dell Inc. (dell)
Default Status (all entries): unknown
Product | CPE | Affected versions
poweredge_r660_firmware | cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r760_firmware | cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_c6620_firmware | cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_mx760c_firmware | cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r860_firmware | cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r960_firmware | cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_hs5610_firmware | cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_hs5620_firmware | cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r660xs_firmware | cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r760xs_firmware | cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r760xd2_firmware | cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_t560_firmware | cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_r760xa_firmware | cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:* | From 0 before 1.1.3 (custom)
poweredge_xe9680_firmware | cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:* | From 0 before 1.1.3 (custom)
poweredge_xr5610_firmware | cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:* | From 0 before 1.1.4 (custom)
poweredge_xr8620t_firmware | cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:* | From 0 before 1.1.3 (custom)
poweredge_xr7620_firmware | cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:* | From 0 before 1.5.6 (custom)
poweredge_xe8640_firmware | cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:* | From 0 before 1.2.5 (custom)
poweredge_xe9640_firmware | cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:* | From 0 before 1.3.6 (custom)
poweredge_r6615_firmware | cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:* | From 0 before 1.4.6 (custom)
poweredge_r7615_firmware | cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:* | From 0 before 1.4.6 (custom)
poweredge_r6625_firmware | cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:* | From 0 before 1.4.6 (custom)
poweredge_r7625_firmware | cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:* | From 0 before 1.4.6 (custom)
poweredge_r650_firmware | cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_r750_firmware | cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_r750xa_firmware | cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_c6520_firmware | cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_mx750c_firmware | cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_r550_firmware | cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_r450_firmware | cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_r650xs_firmware | cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_r750xs_firmware | cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_t550_firmware | cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_xr11_firmware | cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_xr12_firmware | cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
poweredge_t150_firmware | cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:* | From 0 before 1.7.3 (custom)
poweredge_t350_firmware | cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:* | From 0 before 1.7.3 (custom)
poweredge_r250_firmware | cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:* | From 0 before 1.7.3 (custom)
poweredge_r350_firmware | cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:* | From 0 before 1.7.3 (custom)
poweredge_xr4510c_firmware | cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:* | From 0 before 1.12.1 (custom)
poweredge_xr4520c_firmware | cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:* | From 0 before 1.12.1 (custom)
poweredge_r6515_firmware | cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:* | From 0 before 2.12.4 (custom)
poweredge_r6525_firmware | cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:* | From 0 before 2.12.4 (custom)
poweredge_r7515_firmware | cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:* | From 0 before 2.12.4 (custom)
poweredge_r7525_firmware | cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:* | From 0 before 2.12.4 (custom)
poweredge_c6525_firmware | cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:* | From 0 before 2.12.4 (custom)
poweredge_xe8545_firmware | cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:* | From 0 before 2.12.4 (custom)
poweredge_r740_firmware | cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r740xd_firmware | cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r640_firmware | cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r940_firmware | cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r540_firmware | cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r440_firmware | cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_t440_firmware | cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_xr2_firmware | cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r740xd2_firmware | cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r840_firmware | cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_r940xa_firmware | cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_t640_firmware | cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_c6420_firmware | cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_fc640_firmware | cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_m640_firmware | cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_mx740c_firmware | cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_mx840c_firmware | cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_c4140_firmware | cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
poweredge_xe2420_firmware | cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.0 (custom)
poweredge_xe7420_firmware | cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.0 (custom)
poweredge_xe7440_firmware | cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:* | From 0 before 2.19.0 (custom)
poweredge_t140_firmware | cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:* | From 0 before 2.14.1 (custom)
poweredge_t340_firmware | cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:* | From 0 before 2.14.1 (custom)
poweredge_r240_firmware | cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:* | From 0 before 2.14.1 (custom)
poweredge_r340_firmware | cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:* | From 0 before 2.14.1 (custom)
poweredge_r6415_firmware | cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:* | From 0 before 1.20.0 (custom)
poweredge_r7415_firmware | cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:* | From 0 before 1.20.0 (custom)
poweredge_r7425_firmware | cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:* | From 0 before 1.20.0 (custom)
emc_storage_nx3240_firmware | cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
emc_storage_nx3340_firmware | cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:* | From 0 before 2.19.1 (custom)
emc_xc_core_xc450_firmware | cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
emc_xc_core_xc650_firmware | cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
emc_xc_core_xc750_firmware | cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:* | From 0 before 1.11.2 (custom)
National Vulnerability Database (NVD)
nvd.nist.gov
Source: security_alert@emc.com
Published At: 03 Apr, 2024 | 10:15
Updated At: 04 Feb, 2025 | 17:34

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L

Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor (all entries): Dell Inc. (dell)
Product | Versions | CPE
poweredge_r660_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
poweredge_r660 | - | cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*
poweredge_r760_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
poweredge_r760 | - | cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*
poweredge_c6620_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
poweredge_c6620 | - | cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*
poweredge_mx760c_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
poweredge_mx760c | - | cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*
poweredge_r860_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
poweredge_r860 | - | cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*
poweredge_r960_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
poweredge_r960 | - | cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*
poweredge_hs5610_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
poweredge_hs5610 | - | cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*
poweredge_hs5620_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
poweredge_hs5620 | - | cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*
poweredge_r660xs_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
poweredge_r660xs | - | cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*
poweredge_r760xs_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
poweredge_r760xs | - | cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*
poweredge_r760xd2_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
poweredge_r760xd2 | - | cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*
poweredge_t560_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
poweredge_t560 | - | cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*
poweredge_r760xa_firmware | Versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
poweredge_r760xa | - | cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*
poweredge_xe9680_firmware | Versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
poweredge_xe9680 | - | cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*
poweredge_xr5610_firmware | Versions before 1.1.4 (exclusive) | cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
poweredge_xr5610 | - | cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*
poweredge_xr8610t_firmware | Versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*
poweredge_xr8610t | - | cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*
poweredge_xr8620t_firmware | Versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
poweredge_xr8620t | - | cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*
poweredge_xr7620_firmware | Versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
poweredge_xr7620 | - | cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*
poweredge_xe8640_firmware | Versions before 1.2.5 (exclusive) | cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
poweredge_xe8640 | - | cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*
poweredge_xe9640_firmware | Versions before 1.3.6 (exclusive) | cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*
poweredge_xe9640 | - | cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*
poweredge_r6615_firmware | Versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
poweredge_r6615 | - | cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*
poweredge_r7615_firmware | Versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
poweredge_r7615 | - | cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*
poweredge_r6625_firmware | Versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
poweredge_r6625 | - | cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*
poweredge_r7625_firmware | Versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
poweredge_r7625 | - | cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*
poweredge_r650_firmware | Versions before 1.11.2 (exclusive) | cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
poweredge_r650 | - | cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-269
Type: Secondary
Source: security_alert@emc.com

CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Source: security_alert@emc.com
Resource: Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory


Similar CVEs

977 Records found

CVE-2023-44282
Matching Score: 10
Assigner: Dell
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.04% / 13.42%
7 Day CHG: ~0.00%
Published: 16 Nov, 2023 | 09:16
Updated: 29 Aug, 2024 | 14:50
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Action: Not Available
Vendor: Dell Inc.
Product: repository_manager, Dell Repository Manager (DRM)
CWE ID: CWE-284 (Improper Access Control)
CWE ID: CWE-269 (Improper Privilege Management)

CVE-2021-21567
Matching Score: 10
Assigner: Dell
CVSS Score: 7.8 (HIGH)
EPSS: 0.04% / 12.38%
7 Day CHG: ~0.00%
Published: 10 Aug, 2021 | 19:05
Updated: 16 Sep, 2024 | 22:56
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Action: Not Available
Vendor: Dell Inc.
Product: powerscale_onefs, PowerScale OneFS
CWE ID: CWE-732 (Incorrect Permission Assignment for Critical Resource)
CWE ID: CWE-269 (Improper Privilege Management)

CVE-2023-22576
Matching Score: 10
Assigner: Dell
CVSS Score: 7 (HIGH)
EPSS: 0.05% / 17.07%
7 Day CHG: ~0.00%
Published: 21 Aug, 2024 | 09:44
Updated: 23 Aug, 2024 | 16:56
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

Action: Not Available
Vendor: Dell Inc.
Product: repository_manager, Dell Repository Manager (DRM), repository_manager
CWE ID: CWE-269 (Improper Privilege Management)

CVE-2022-34384
Matching Score: 10
Assigner: Dell
CVSS Score: 7.8 (HIGH)
EPSS: 0.10% / 27.90%
7 Day CHG: ~0.00%
Published: 10 Feb, 2023 | 20:03
Updated: 26 Mar, 2025 | 15:44
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Action: Not Available
Vendor: Dell Inc.
Product: supportassist_for_business_pcs, command_update, supportassist_for_home_pcs, update, alienware_update, SupportAssist Client Consumer
CWE ID: CWE-250 (Execution with Unnecessary Privileges)
CWE ID: CWE-269 (Improper Privilege Management)

CVE-2024-49558
Matching Score: 10
Assigner: Dell
CVSS Score: 7.8 (HIGH)
EPSS: 0.08% / 23.46%
7 Day CHG: ~0.00%
Published: 12 Nov, 2024 | 03:22
Updated: 15 Nov, 2024 | 17:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action: Not Available
Vendor: Dell Inc.
Product: smartfabric_os10, SmartFabric OS10 Software, smartfabric_os10
CWE ID: CWE-269 (Improper Privilege Management)

CVE-2026-24510
Matching Score: 10
Assigner: Dell
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.02% / 3.90%
7 Day CHG: ~0.00%
Published: 11 Mar, 2026 | 18:59
Updated: 16 Mar, 2026 | 20:28
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26191
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.67%
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26181
Matching Score-10
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 11.63%
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-0949
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.02%
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3735
Matching Score-10
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.03% / 10.33%
7 Day CHG~0.00%
Published-20 Jun, 2019 | 21:43
Updated-17 Sep, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist for Home PCsDell SupportAssist for Business PCs
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44292
Matching Score-10
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.42%
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:22
Updated-14 Aug, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)repository_manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32451
Matching Score-10
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 9.20%
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:46
Updated-07 Nov, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that allows a low-privilege user to execute malicious code during installation and uninstallation.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32487
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.69%
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:28
Updated-08 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-39257
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 9.38%
7 Day CHG~0.00%
Published-02 Dec, 2023 | 04:22
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Rugged Control Center, versions prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.

Action-Not Available
Vendor-Dell Inc.
Product-rugged_control_centerRugged Control Center (RCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-3039
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.06% / 18.77%
7 Day CHG+0.01%
Published-12 Sep, 2023 | 06:06
Updated-26 Sep, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Action-Not Available
Vendor-Dell Inc.
Product-sd_rom_utilitySD ROM Utility
CWE ID-CWE-284
Improper Access Control
CVE-2023-28079
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.08% / 22.83%
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains an Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28073
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.01% / 1.42%
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-28051
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.69%
7 Day CHG~0.00%
Published-07 Apr, 2023 | 07:20
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-44283
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.28%
7 Day CHG~0.00%
Published-14 Feb, 2024 | 07:49
Updated-17 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCssupportassist_for_business_pcssupportassist_for_home_pcs
CWE ID-CWE-284
Improper Access Control
CVE-2023-28070
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.69%
7 Day CHG~0.00%
Published-03 May, 2023 | 08:05
Updated-30 Jan, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28068
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.57%
7 Day CHG~0.00%
Published-05 May, 2023 | 06:41
Updated-29 Jan, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability, leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-28047
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.29%
7 Day CHG~0.00%
Published-20 Apr, 2023 | 06:59
Updated-05 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CVE-2023-28066
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.12% / 30.01%
7 Day CHG+0.06%
Published-01 Jun, 2023 | 15:40
Updated-08 Jan, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-28072
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.49%
7 Day CHG~0.00%
Published-04 Sep, 2023 | 15:38
Updated-30 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-53289
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.90%
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:40
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-25940
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 30.92%
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:14
Updated-11 Feb, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 9.5.0.0 contains an improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover, and it breaks the compliance mode guarantees.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-25542
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.10% / 27.19%
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:17
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agent Dell Trusted Device Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25543
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.20%
7 Day CHG~0.00%
Published-06 Feb, 2024 | 06:31
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-3763
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.51%
7 Day CHG~0.00%
Published-11 Sep, 2019 | 19:17
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecyclersa_via_lifecycle_and_governanceRSA Via Lifecycle and GovernanceRSA Identity Governance and Lifecycle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-24569
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.99%
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:57
Updated-24 Mar, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24575
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.99%
7 Day CHG~0.00%
Published-21 Feb, 2023 | 04:03
Updated-12 Mar, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-multifunction_printer_e525w_driver_and_software_suiteDell Multifunction Printer E525w Driver and Software Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-49565
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:28
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49600
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.62%
7 Day CHG~0.00%
Published-09 Dec, 2024 | 14:56
Updated-04 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2024-49560
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.96%
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:17
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49561
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.06%
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:35
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2023-23694
Matching Score-8
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-1.38% / 80.64%
7 Day CHG+1.17%
Published-23 May, 2023 | 06:08
Updated-17 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-48830
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.48%
7 Day CHG~0.00%
Published-17 Mar, 2025 | 16:56
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49563
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.44%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:35
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49557
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.73%
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:26
Updated-15 Nov, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49564
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:31
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-22572
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.99%
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:54
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in the change password API. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-47476
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.88%
7 Day CHG~0.00%
Published-03 Dec, 2024 | 09:59
Updated-03 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-networker_management_consoleNetWorker Management Consolenetworker_management_console
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-47480
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.43%
7 Day CHG~0.00%
Published-18 Dec, 2024 | 01:05
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorInventory Collector Client
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-5342
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.33%
7 Day CHG~0.00%
Published-09 Mar, 2020 | 19:45
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (Cirrus)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25941
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.47%
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-23696
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.38%
7 Day CHG~0.00%
Published-07 Feb, 2023 | 09:49
Updated-25 Mar, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to write arbitrary files to the system.

Action-Not Available
Vendor-Dell Inc.
Product-command_|_intel_vpro_out_of_band, Dell Command Intel vPro Out of Band (DCIV)
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-36279
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.63%
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefs, PowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36277
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.18%
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contain an Improper Verification of Cryptographic Signature vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_center_application, command_|_update, update/alienware_update, Alienware Command Center (AWCC)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-36340
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.12%
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-23 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gateway, Secure Connect Gateway (SCG) 5.0 Application
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-37129
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.51%
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:47
Updated-13 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector, versions prior to 12.3.0.6, contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collector, Dell Inventory Collector, supportassist_for_business_pcs, command_update, supportassist_for_home_pcs, update, alienware_update
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')