Vulnerability Details :

CVE-2024-0172

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-03 Apr, 2024 | 09:09
Updated At-20 Aug, 2024 | 20:30

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: Dell Inc. (Dell)
Product: PowerEdge Platform
Default Status: unaffected
Versions Affected:
  • From N/A before 1.5.6 (semver)
  • From N/A before 1.1.3 (semver)
  • From N/A before 1.1.4 (semver)
  • From N/A before 1.2.5 (semver)
  • From N/A before 1.3.6 (semver)
  • From N/A before 1.4.6 (semver)
  • From N/A before 1.11.2 (semver)
  • From N/A before 1.7.3 (semver)
  • From N/A before 1.12.1 (semver)
  • From N/A before 2.12.4 (semver)
  • From N/A before 2.19.1 (semver)
  • From N/A before 2.19.0 (semver)
  • From N/A before 2.14.1 (semver)
  • From N/A before 1.20.0 (semver)
Problem Types
Type: CWE
CWE ID: CWE-269
Description: CWE-269: Improper Privilege Management
Metrics
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Resource: vendor-advisory
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Resource: vendor-advisory, x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor: Dell Inc. (dell)
Default Status: unknown (every product listed)
Each entry: product | affected versions | CPE
  • poweredge_r660_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
  • poweredge_c6620_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
  • poweredge_mx760c_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
  • poweredge_r860_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
  • poweredge_r960_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
  • poweredge_hs5610_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
  • poweredge_hs5620_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
  • poweredge_r660xs_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760xs_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760xd2_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
  • poweredge_t560_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760xa_firmware | from 0 before 1.1.3 (custom) | cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe9680_firmware | from 0 before 1.1.3 (custom) | cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr5610_firmware | from 0 before 1.1.4 (custom) | cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr8620t_firmware | from 0 before 1.1.3 (custom) | cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr7620_firmware | from 0 before 1.5.6 (custom) | cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe8640_firmware | from 0 before 1.2.5 (custom) | cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe9640_firmware | from 0 before 1.3.6 (custom) | cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6615_firmware | from 0 before 1.4.6 (custom) | cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7615_firmware | from 0 before 1.4.6 (custom) | cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6625_firmware | from 0 before 1.4.6 (custom) | cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7625_firmware | from 0 before 1.4.6 (custom) | cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
  • poweredge_r650_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
  • poweredge_r750_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*
  • poweredge_r750xa_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*
  • poweredge_c6520_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*
  • poweredge_mx750c_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*
  • poweredge_r550_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*
  • poweredge_r450_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*
  • poweredge_r650xs_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*
  • poweredge_r750xs_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*
  • poweredge_t550_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr11_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr12_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*
  • poweredge_t150_firmware | from 0 before 1.7.3 (custom) | cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*
  • poweredge_t350_firmware | from 0 before 1.7.3 (custom) | cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*
  • poweredge_r250_firmware | from 0 before 1.7.3 (custom) | cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*
  • poweredge_r350_firmware | from 0 before 1.7.3 (custom) | cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr4510c_firmware | from 0 before 1.12.1 (custom) | cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr4520c_firmware | from 0 before 1.12.1 (custom) | cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6515_firmware | from 0 before 2.12.4 (custom) | cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6525_firmware | from 0 before 2.12.4 (custom) | cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7515_firmware | from 0 before 2.12.4 (custom) | cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7525_firmware | from 0 before 2.12.4 (custom) | cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
  • poweredge_c6525_firmware | from 0 before 2.12.4 (custom) | cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe8545_firmware | from 0 before 2.12.4 (custom) | cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*
  • poweredge_r740_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
  • poweredge_r740xd_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
  • poweredge_r640_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
  • poweredge_r940_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
  • poweredge_r540_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
  • poweredge_r440_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
  • poweredge_t440_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr2_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
  • poweredge_r740xd2_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
  • poweredge_r840_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
  • poweredge_r940xa_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
  • poweredge_t640_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
  • poweredge_c6420_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
  • poweredge_fc640_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
  • poweredge_m640_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
  • poweredge_mx740c_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
  • poweredge_mx840c_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
  • poweredge_c4140_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe2420_firmware | from 0 before 2.19.0 (custom) | cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe7420_firmware | from 0 before 2.19.0 (custom) | cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe7440_firmware | from 0 before 2.19.0 (custom) | cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
  • poweredge_t140_firmware | from 0 before 2.14.1 (custom) | cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*
  • poweredge_t340_firmware | from 0 before 2.14.1 (custom) | cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*
  • poweredge_r240_firmware | from 0 before 2.14.1 (custom) | cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*
  • poweredge_r340_firmware | from 0 before 2.14.1 (custom) | cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6415_firmware | from 0 before 1.20.0 (custom) | cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7415_firmware | from 0 before 1.20.0 (custom) | cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7425_firmware | from 0 before 1.20.0 (custom) | cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
  • emc_storage_nx3240_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:*
  • emc_storage_nx3340_firmware | from 0 before 2.19.1 (custom) | cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:*
  • emc_xc_core_xc450_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*
  • emc_xc_core_xc650_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*
  • emc_xc_core_xc750_firmware | from 0 before 1.11.2 (custom) | cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*
National Vulnerability Database (NVD)
nvd.nist.gov
Source: security_alert@emc.com
Published At: 03 Apr, 2024 | 10:15
Updated At: 04 Feb, 2025 | 17:34

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L

Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Vendor: Dell Inc. (dell)
Each entry: product | versions | CPE
  • poweredge_r660_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
  • poweredge_r660 | - | cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*
  • poweredge_r760_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760 | - | cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*
  • poweredge_c6620_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
  • poweredge_c6620 | - | cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*
  • poweredge_mx760c_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
  • poweredge_mx760c | - | cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*
  • poweredge_r860_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
  • poweredge_r860 | - | cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*
  • poweredge_r960_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
  • poweredge_r960 | - | cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*
  • poweredge_hs5610_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
  • poweredge_hs5610 | - | cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*
  • poweredge_hs5620_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
  • poweredge_hs5620 | - | cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*
  • poweredge_r660xs_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
  • poweredge_r660xs | - | cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*
  • poweredge_r760xs_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760xs | - | cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*
  • poweredge_r760xd2_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760xd2 | - | cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*
  • poweredge_t560_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
  • poweredge_t560 | - | cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*
  • poweredge_r760xa_firmware | versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
  • poweredge_r760xa | - | cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*
  • poweredge_xe9680_firmware | versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe9680 | - | cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*
  • poweredge_xr5610_firmware | versions before 1.1.4 (exclusive) | cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr5610 | - | cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*
  • poweredge_xr8610t_firmware | versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr8610t | - | cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*
  • poweredge_xr8620t_firmware | versions before 1.1.3 (exclusive) | cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr8620t | - | cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*
  • poweredge_xr7620_firmware | versions before 1.5.6 (exclusive) | cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
  • poweredge_xr7620 | - | cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*
  • poweredge_xe8640_firmware | versions before 1.2.5 (exclusive) | cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe8640 | - | cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*
  • poweredge_xe9640_firmware | versions before 1.3.6 (exclusive) | cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*
  • poweredge_xe9640 | - | cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*
  • poweredge_r6615_firmware | versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6615 | - | cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*
  • poweredge_r7615_firmware | versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7615 | - | cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*
  • poweredge_r6625_firmware | versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
  • poweredge_r6625 | - | cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*
  • poweredge_r7625_firmware | versions before 1.4.6 (exclusive) | cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
  • poweredge_r7625 | - | cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*
  • poweredge_r650_firmware | versions before 1.11.2 (exclusive) | cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
  • poweredge_r650 | - | cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-269
Type: Secondary
Source: security_alert@emc.com

CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Source: security_alert@emc.com
Resource: Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory


Similar CVEs

977 Records found

CVE-2023-28073
Matching Score-8
Assigner-Dell
CVSS Score-8.2 | HIGH
EPSS-0.01% / 1.41%
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2025-43730
Matching Score-8
Assigner-Dell
CVSS Score-8.4 | HIGH
EPSS-0.10% / 27.18%
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:57
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2023-28072
Matching Score-8
Assigner-Dell
CVSS Score-7.8 | HIGH
EPSS-0.06% / 18.54%
7 Day CHG~0.00%
Published-04 Sep, 2023 | 15:38
Updated-30 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-43941
Matching Score-8
Assigner-Dell
CVSS Score-7.2 | HIGH
EPSS-0.07% / 20.37%
7 Day CHG~0.00%
Published-30 Oct, 2025 | 13:57
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This vulnerability only affects systems without a valid license install.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28068
Matching Score-8
Assigner-Dell
CVSS Score-7.3 | HIGH
EPSS-0.04% / 12.62%
7 Day CHG~0.00%
Published-05 May, 2023 | 06:41
Updated-29 Jan, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-3763
Matching Score-8
Assigner-Dell
CVSS Score-8.8 | HIGH
EPSS-0.05% / 15.57%
7 Day CHG~0.00%
Published-11 Sep, 2019 | 19:17
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecyclersa_via_lifecycle_and_governanceRSA Via Lifecycle and GovernanceRSA Identity Governance and Lifecycle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3742
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.36%
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:12
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicious code to run an executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CVE-2019-3744
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.08%
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:13
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-3716
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.43%
7 Day CHG~0.00%
Published-13 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archer_grc_platformRSA Archer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-25941
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.49%
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-25958
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 10.65%
7 Day CHG~0.00%
Published-26 Mar, 2024 | 15:18
Updated-28 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.

Action-Not Available
Vendor-Dell Inc.
Product-grabGrab for Windowsgrab_for_windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25537
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 18.09%
7 Day CHG+0.01%
Published-22 May, 2023 | 10:48
Updated-21 Jan, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-emc_xc_core_6420_firmwareemc_xc_core_xcxr2poweredge_r440_firmwarepoweredge_m640poweredge_mx740c_firmwarepoweredge_xe7420poweredge_r640_firmwarepoweredge_t440emc_xc_core_xc740xd2_firmwarepoweredge_r940xa_firmwareemc_xc_core_xc940emc_storage_nx3240poweredge_mx840cdss_8440poweredge_t640poweredge_mx740cpoweredge_xe7440_firmwareemc_xc_core_xc740xd_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwaredss_8440_firmwareemc_xc_core_xc640_firmwarepoweredge_r840_firmwarepoweredge_c4140_firmwarepoweredge_r940poweredge_r540emc_storage_nx3240_firmwarepoweredge_m640_firmwarepoweredge_mx840c_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r440poweredge_r740xd2_firmwareemc_xc_core_xc740xdpoweredge_xr2_firmwarepoweredge_xe2420poweredge_r940xapoweredge_xe7440poweredge_c6420poweredge_fc640_firmwareemc_xc_core_xc640emc_storage_nx3340emc_xc_core_6420poweredge_r640poweredge_t640_firmwarepoweredge_c6420_firmwarepoweredge_r740xd2poweredge_r840poweredge_xe7420_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_c4140poweredge_r940_firmwarepoweredge_t440_firmwareemc_xc_core_xcxr2_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2PowerEdge Platform
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25960
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.36%
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:13
Updated-09 Jan, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-43729
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.78%
7 Day CHG~0.00%
Published-27 Aug, 2025 | 14:02
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-22572
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.04%
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:54
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21503
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.20%
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:44
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22225
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.22% / 45.03%
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:51
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22222
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.78%
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:04
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23694
Matching Score-8
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-1.38% / 80.66%
7 Day CHG+0.99%
Published-23 May, 2023 | 06:08
Updated-17 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22223
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.77%
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:07
Updated-07 May, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22449
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 9.57%
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:48
Updated-17 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefs PowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-22428
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.45%
7 Day CHG~0.00%
Published-16 Jan, 2024 | 04:02
Updated-13 Nov, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac_service_moduleiDRAC Service Module (iSM)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-22227
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.30% / 54.08%
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:37
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to execute commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22224
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.30%
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:48
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22450
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.11% / 29.06%
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:08
Updated-31 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)alienware_command_center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-38738
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.84%
7 Day CHG+0.03%
Published-14 Aug, 2025 | 14:36
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist for Home PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-38747
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.09%
7 Day CHG~0.00%
Published-06 Aug, 2025 | 19:48
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoverySupportAssist OS Recovery
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2025-36607
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 34.94%
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:12
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36613
Matching Score-8
Assigner-Dell
CVSS Score-2.8||LOW
EPSS-0.05% / 17.10%
7 Day CHG+0.03%
Published-14 Aug, 2025 | 14:46
Updated-18 Aug, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-36611
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.76%
7 Day CHG~0.00%
Published-30 Jul, 2025 | 16:18
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionsecurity_management_serverSecurity Management ServerEncryption
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-36606
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 34.94%
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:09
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36564
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.93%
7 Day CHG~0.00%
Published-03 Jun, 2025 | 14:41
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionEncryption Admin Utilities
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-36612
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.84%
7 Day CHG+0.03%
Published-14 Aug, 2025 | 14:42
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcsSupportAssist for Business PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-36568
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.52%
7 Day CHG~0.00%
Published-17 Apr, 2026 | 08:12
Updated-20 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain BoostFS
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-32753
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.70%
7 Day CHG~0.00%
Published-20 Jun, 2025 | 13:46
Updated-11 Jul, 2025 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32747
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.48%
7 Day CHG~0.00%
Published-22 May, 2026 | 13:02
Updated-22 May, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_appliance_intelligent_catalogpowerflex_rackpowerflex_managerPowerFlex Manager (Appliance)PowerFlex Manager (Rack)PowerFlex Manager
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-30099
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.03%
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:47
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024PowerProtect Data Domain LTS 2023
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-30100
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 36.28%
7 Day CHG~0.00%
Published-16 Apr, 2025 | 01:10
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2025-27689
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.58%
7 Day CHG~0.00%
Published-12 Jun, 2025 | 20:36
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-idrac_toolsiDRAC Tools
CWE ID-CWE-284
Improper Access Control
CVE-2025-27688
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.45%
7 Day CHG~0.00%
Published-18 Mar, 2025 | 15:55
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3420optiplex_3000_thin_clientlatitude_5440wyse_5470_all-in-one_thin_clientoptiplex_7420_all-in-onelatitude_5450latitude_3440optiplex_5400_all-in-oneoptiplex_7410_all-in-onewyse_5070_thin_clientthinoswyse_5470_mobile_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-26331
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.27%
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:06
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3420optiplex_3000_thin_clientlatitude_5440wyse_5470_all-in-one_thin_clientoptiplex_7420_all-in-onelatitude_5450latitude_3440optiplex_5400_all-in-oneoptiplex_7410_all-in-onewyse_5070_thin_clientthinoswyse_5470_mobile_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-24386
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:19
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24378
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:12
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24377
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.49%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:16
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24385
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.49%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:57
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24379
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:09
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24380
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:05
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-23375
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.53%
7 Day CHG+0.03%
Published-28 Apr, 2025 | 14:28
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_manager, PowerProtect Data Manager
CWE ID-CWE-648
Incorrect Use of Privileged APIs
CVE-2025-23383
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:01
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-22480
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.07% / 22.02%
7 Day CHG~0.00%
Published-13 Feb, 2025 | 16:04
Updated-24 Sep, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recovery, Dell SupportAssist OS Recovery
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following