ByteOS Network

Type	CWE ID	Description
CWE	CWE-283	CWE-283: Unverified Ownership

Version	Base score	Base severity	Vector
3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331	vendor-advisory

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE ID	Type	Source
CWE-283	Primary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331	security_alert@emc.com	N/A

CVE-2022-34443

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.94%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:19

Updated-27 Mar, 2025 | 14:11

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

Vendor-Dell Inc.

Product-rugged_control_center Rugged Control Center (RCC)

CWE ID-CWE-20

Improper Input Validation

CVE-2022-33922

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.11% / 30.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:33

Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-geodrive GeoDrive

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2022-34382

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 17.38%

||

7 Day CHG~0.00%

Published-02 Sep, 2022 | 17:30

Updated-16 Sep, 2024 | 23:56

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

Vendor-Dell Inc.

Product-alienware_update command_update update Dell Command Update (DCU)

CVE-2022-32488

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.02% / 4.31%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32493

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.02% / 3.21%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:35

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-22450

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.4||HIGH

EPSS-0.09% / 25.57%

||

7 Day CHG~0.00%

Published-10 Apr, 2024 | 07:08

Updated-31 Jan, 2025 | 17:10

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Vendor-Dell Inc.

Product-alienware_command_center Alienware Command Center (AWCC)alienware_command_center

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2024-22428

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.05% / 13.29%

||

7 Day CHG~0.00%

Published-16 Jan, 2024 | 04:02

Updated-13 Nov, 2024 | 20:54

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-emc_idrac_service_module iDRAC Service Module (iSM)

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2022-32487

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.02% / 4.31%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 17:48

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-31226

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.11% / 29.80%

||

7 Day CHG~0.00%

Published-12 Sep, 2022 | 18:35

Updated-16 Sep, 2024 | 23:05

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Vendor-Dell Inc.

Product-precision_3660_tower inspiron_16_plus_7620_firmware inspiron_7420 xps_17_9720_firmware inspiron_5620 optiplex_7400 vostro_3910 optiplex_7000 vostro_7620_firmware inspiron_7420_firmware optiplex_5000_firmware precision_3660_tower_firmware optiplex_7000_oem optiplex_5000 inspiron_7620_firmware chengming_3900 optiplex_3000 inspiron_5420 chengming_3900_firmware xps_17_9720 vostro_3910_firmware precision_5770 inspiron_16_plus_7620 inspiron_14_plus_7420 vostro_3710_firmware vostro_5320 vostro_5620_firmware vostro_7620 optiplex_3000_thin_client inspiron_5620_firmware optiplex_5400 inspiron_5320_firmware vostro_5620 precision_5770_firmware inspiron_14_plus_7420_firmware optiplex_5400_firmware optiplex_3000_thin_client_firmware optiplex_3000_firmware optiplex_7000_firmware inspiron_5320 inspiron_3910 vostro_3710 vostro_5320_firmware optiplex_7400_firmware inspiron_3910_firmware inspiron_5420_firmware precision_3460_small_form_factor_firmware optiplex_7000_oem_firmware precision_3460_small_form_factor inspiron_7620 CPG BIOS

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-0168

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.23% / 46.01%

||

7 Day CHG~0.00%

Published-12 Feb, 2024 | 18:20

Updated-19 Aug, 2024 | 14:39

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity unity_operating_environment

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0167

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.28% / 50.86%

||

7 Day CHG~0.00%

Published-12 Feb, 2024 | 18:23

Updated-06 May, 2025 | 21:05

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0165

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.22% / 44.84%

||

7 Day CHG~0.00%

Published-12 Feb, 2024 | 18:30

Updated-06 May, 2025 | 21:04

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0155

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.11% / 29.68%

||

7 Day CHG~0.00%

Published-04 Mar, 2024 | 13:00

Updated-08 Jan, 2025 | 16:10

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

Vendor-Dell Inc.

Product-digital_delivery Dell Digital Delivery (D3)digital_delivery

CWE ID-CWE-416

Use After Free

CVE-2024-0164

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.24% / 46.74%

||

7 Day CHG~0.00%

Published-12 Feb, 2024 | 18:34

Updated-01 Aug, 2024 | 17:41

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity unity_operating_environment

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0172

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.9||HIGH

EPSS-0.05% / 13.29%

||

7 Day CHG~0.00%

Published-03 Apr, 2024 | 09:09

Updated-04 Feb, 2025 | 17:34

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Vendor-Dell Inc.

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-0166

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.24% / 46.74%

||

7 Day CHG~0.00%

Published-12 Feb, 2024 | 18:27

Updated-06 May, 2025 | 21:16

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0170

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.23% / 46.01%

||

7 Day CHG~0.00%

Published-12 Feb, 2024 | 18:08

Updated-06 May, 2025 | 21:06

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0156

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.08% / 24.54%

||

7 Day CHG~0.00%

Published-04 Mar, 2024 | 12:54

Updated-08 Jan, 2025 | 16:13

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.

Vendor-Dell Inc.

Product-digital_delivery Dell Digital Delivery (D3)dell_digital_delivery

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-38743

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.01% / 2.04%

||

7 Day CHG~0.00%

Published-21 Aug, 2025 | 18:46

Updated-22 Aug, 2025 | 18:08

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Vendor-Dell Inc.

Product-iDRAC Service Module (iSM)

CWE ID-CWE-805

Buffer Access with Incorrect Length Value

CVE-2021-36289

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.12% / 31.59%

||

7 Day CHG~0.00%

Published-25 Jan, 2022 | 22:15

Updated-17 Sep, 2024 | 01:50

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Vendor-Dell Inc.

Product-vnx5600 vnx5400 vnx5800 vnx_vg10 emc_unity_operating_environment vnx5200 vnx_vg50 vnx7600 vnx8000 VNX Control Station

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-36339

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.85%

||

7 Day CHG~0.00%

Published-21 Jan, 2022 | 20:15

Updated-17 Sep, 2024 | 01:56

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax vasa solutions_enabler_virtual_appliance powermax_os solutions_enabler unisphere_360 Solutions Enabler vApp

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2021-36279

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.10%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-16 Sep, 2024 | 23:05

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2021-36340

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.10%

||

7 Day CHG~0.00%

Published-20 Nov, 2021 | 01:40

Updated-23 May, 2025 | 13:56

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Vendor-Dell Inc.

Product-secure_connect_gateway Secure Connect Gateway (SCG) 5.0 Application

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-36311

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.04% / 9.64%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 22:09

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-285

Improper Authorization

CVE-2021-36297

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.28%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-16 Sep, 2024 | 20:38

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-426

Untrusted Search Path

CVE-2023-48670

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 10.84%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 15:57

Updated-02 Aug, 2024 | 21:37

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-426

Untrusted Search Path

CVE-2022-29092

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.16% / 36.95%

||

7 Day CHG~0.00%

Published-10 Jun, 2022 | 20:05

Updated-17 Sep, 2024 | 02:06

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist Consumer

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2015-0949

Matching Score-8

Assigner-CERT/CC

View Details

Matching Score-8

Assigner-CERT/CC

CVSS Score-7.8||HIGH

EPSS-0.08% / 23.55%

||

7 Day CHG~0.00%

Published-30 Jan, 2020 | 20:45

Updated-06 Aug, 2024 | 04:26

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Vendor-HP Dell Inc.HP Inc.

Product-latitude_e6430 elitebook_850_g1 latitude_e6430_firmware elitebook_850_g1_firmware Latitude E6430 EliteBook 850 G1

CWE ID-CWE-269

Improper Privilege Management

CVE-2023-4401

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.43% / 61.35%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:12

Updated-19 Sep, 2024 | 18:52

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21545

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.56%

||

7 Day CHG~0.00%

Published-12 Apr, 2021 | 19:50

Updated-16 Sep, 2024 | 17:44

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-21601

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.04% / 10.16%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-17 Sep, 2024 | 03:02

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_integrated_data_protection_appliance emc_data_protection_search Data Protection Search

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21503

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.12% / 31.27%

||

7 Day CHG~0.00%

Published-08 Mar, 2021 | 21:44

Updated-17 Sep, 2024 | 03:43

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21567

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.94%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-16 Sep, 2024 | 22:56

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-21531

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.14% / 35.42%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-17 Sep, 2024 | 03:48

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax solutions_enabler_virtual_appliance powermax_os solutions_enabler Unisphere for PowerMax

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2021-21535

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.4||HIGH

EPSS-0.03% / 8.13%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 17:40

Updated-16 Sep, 2024 | 23:35

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Vendor-Dell Inc.

Product-hybrid_client Dell Hybrid Client (DHC)

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2021-21546

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.85%

||

7 Day CHG~0.00%

Published-29 Jul, 2021 | 15:55

Updated-16 Sep, 2024 | 23:56

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21561

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.10%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 19:20

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2023-44290

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 11.12%

||

7 Day CHG~0.00%

Published-23 Nov, 2023 | 06:46

Updated-02 Aug, 2024 | 19:59

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Vendor-Dell Inc.

Product-command\|monitor Dell Command Monitor (DCM)

CWE ID-CWE-284

Improper Access Control

CVE-2023-44282

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.04%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 09:16

Updated-29 Aug, 2024 | 14:50

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Vendor-Dell Inc.

Product-repository_manager Dell Repository Manager (DRM)

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-21551

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-65.23% / 98.41%

||

7 Day CHG~0.00%

Published-04 May, 2021 | 15:15

Updated-30 Jul, 2025 | 01:38

Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vendor-Dell Inc.

Product-inspiron_5521 inspiron_7706_2-in-1 latitude_5520 vostro_5391 precision_5720_aio optiplex_7770_aio precision_5820_xl_tower latitude_3440 vostro_14_3458 latitude_5495 latitude_5401 latitude_e7440 xps_13_9360 inspiron_3157 optiplex_3046 latitude_12_rugged_tablet_7212 inspiron_5520 vostro_3591 inspiron_3880 vostro_3900 optiplex_7440_aio latitude_e5540 latitude_14_rugged_extreme_7414 precision_3560 precision_3420_tower wyse_5070 precision_3520 inspiron_5584 inspiron_1545 chengming_3990 latitude_e7270_wyse_tc vostro_3584 latitude_7390_2-in-1 inspiron_3168 latitude_3480 latitude_7380 inspiron_5590 vostro_260 inspiron_one_19 inspiron_7501 optiplex_7060 latitude_3310_2-in-1 latitude_3310 latitude_7400 precision_3540 vostro_14_5471 inspiron_7359 inspiron_5548 latitude_rugged_5420 inspiron_5482 alienware_asm100r2 inspiron_7391_2-in-1 latitude_12_rugged_extreme_7214 precision_m6600 vostro_5490 inspiron_5490_aio latitude_3490 inspiron_3581 precision_t7610 vostro_3800 thunderbolt_dock_tb18dc vostro_3560 precision_3550 latitude_3160 optiplex_3090_ultra latitude_e6540 inspiron_15-3552 latitude_5420 latitude_7320 inspiron_3670 xps_15_9560 inspiron_7500_2-in-1_silver inspiron_7390 optiplex_5270_aio optiplex_7460_all-in-one latitude_7290 precision_t5600 vostro_270s inspiron_5406_2-in-1 inspiron_5391 inspiron_3790 inspiron_3520 latitude_3120 inspiron_3590 inspiron_5737 latitude_e5420 xps_8700 optiplex_5250_all-in-one vostro_5390 latitude_e5570 vostro_3900g precision_3530 latitude_e5270 inspiron_5443 inspiron_7591 optiplex_7080 latitude_3560 latitude_5491 vostro_3400 optiplex_7040 dbutil precision_7520 latitude_7420 vostro_1550 inspiron_5409 inspiron_15_gaming_7566 latitude_xt3 g7_7790 vostro_15_7570 latitude_rugged_extreme_tablet_7220 latitude_3301 latitude_3410 inspiron_2330 optiplex_7071 inspiron_14_5468 inspiron_24-5475 inspiron_5481_2-in-1 precision_t7910 vostro_5480 inspiron_5498 vostro_3010 inspiron_3656 precision_t5810 inspiron_620 xps_9530 latitude_5490 vostro_7590 optiplex_5050 latitude_3470 latitude_7200_2-in-1 latitude_3480_mobile_thin_client vostro_3501 xps_8940 optiplex_fx130 precision_7920_tower g3_3500 precision_m4600 vostro_20_3052 optiplex_3011_aio optiplex latitude_e6530 latitude_e6440 vostro_3590 xps_17_9700 canvas_27 latitude_3300 precision_7550 inspiron_3252 optiplex_7760_aio inspiron_3501 latitude_3390 precision_t3500 inspiron_7537 vostro_3901 inspiron_24-3452 xps_12_9250 xps_13_9380 inspiron_7300 vostro_5301 vostro_5401 optiplex_9020 precision_7530 latitude_7285 inspiron_7490 inspiron_7548 latitude_e5470 inspiron_17_5767 chengming_3980 precision_7710 inspiron_5509 alienware_m14xr2 vostro_3481 xps_9550 latitude_5591 latitude_3330 inspiron_3481 xps_13_9305 inspiron_3780 vostro_3669 inspiron_14_gaming_7466 inspiron_5537 latitude_e6330 optiplex_3280_aio precision_3551 xps_8900 latitude_e5430 inspiron_5598 latitude_7400_2in1 vostro_3881 optiplex_7450_all-in-one inspiron_7506_2-in-1 precision_3930_xl_rack latitude_rugged_7424 inspiron_5493 inspiron_7558 latitude_5510 inspiron_5448 xps_13_9310_2-in-1 inspiron_7737 vostro_3470 inspiron_3881 vostro_7500 inspiron_5400_aio inspiron_3793 wyse_5470 vostro_3580 optiplex_5040 precision_3541 precision_5530_2-in-1 inspiron_5323 inspiron_580s precision_5510 inspiron_15_7572 inspiron_5423 precision_3510 inspiron_7437 vostro_230 vostro_2521 xps_9350 inspiron_3043 inspiron_5400_2-in-1 latitude_3500 g7_7590 latitude_e6230 inspiron_7500_2-in-1_black inspiron_15-5559 latitude_3190_2-in-1 chengming_3991 inspiron_3443 vostro_5890 g7_7700 precision_m6700 xps_13_7390_2-in-1 inspiron_3471 inspiron_17-5759 latitude_5288 latitude_3510 xps_15_9575_2-in-1 optiplex_5055 optiplex_3080 inspiron_3437 inspiron_7590_2-in-1 precision_t7810 optiplex_3030_aio wyse_7040_thin_client latitude_3450 precision_3620_tower inspiron_14_gaming_7467 inspiron_15z inspiron_5408 inspiron_20-3052 latitude_e7470 xps_13_9300 inspiron_3480 optiplex_xe3 latitude_3460_wyse_tc latitude_5300_2-in-1 vostro_3500 alienware_m15_r4 inspiron_7380 inspiron_3543 precision_3930_rack inspiron_14-5459 inspiron_5543 g3_3579 inspiron_7720 optiplex_5480_aio vostro_15_3561 vostro_3668 embedded_box_pc_5000 vostro_5581 precision_5550 vostro_5402 xps_13_9370 latitude_5280 latitude_5175 vostro_5880 vostro_5590 latitude_3150 latitude_5480 xps_13_9343 vostro_3267 xps_13_9365_2-in-1 latitude_7370 vostro_13_5370 inspiron_3580 vostro_3905 precision_t1700 g5_5090 inspiron_5583 latitude_e6220 dock_wd15 optiplex_990 inspiron_3521 inspiron_13_5370 inspiron_1210 inspiron_7591_2-in-1 inspiron_5508 optiplex_7090_ultra vostro_3252 inspiron_7559 optiplex_3010 precision_3640 latitude_e6320 inspiron_14-3452 latitude_e7270 vostro_3902 dock_wd19 latitude_5250 xps_13_7390 inspiron_5580 inspiron_3490 inspiron_7586 inspiron_3781 latitude_7280 optiplex_7020 optiplex_5055_ryzen_cpu latitude_3380 optiplex_7050 inspiron_1564 precision_7510 inspiron_3646 vostro_14-3446 precision_3440 alienware_14 latitude_7300 precision_t3610 precision_3240_cff g3_3779 precision_7820_tower latitude_rugged_5424 latitude_9510 precision_5530 precision_t7500 optiplex_3070 g5_5500 precision_7730 optiplex_xe2 inspiron_24-3455 latitude_5511 inspiron_3593 latitude_7490 latitude_e7270_mobile_thin_client optiplex_7480_aio thunderbolt_dock_tb16 latitude_5320 latitude_5580 vostro_5300 vostro_5591 latitude_5290_2-in-1 xps_27_7760 inspiron_7580 precision_5540 xps_13_9310 xps_one_2710 vostro_3660 latitude_5179 inspiron_7790 inspiron_3584 latitude_5450 vostro_3583 inspiron_3647 latitude_7210_2_in_1 inspiron_5402 latitude_3460 inspiron_3671 inspiron_3147 vostro_3471 inspiron_3542 precision_3630_tower latitude_e5530 inspiron_14_7460 alienware_m17xr4 inspiron_7746 vostro_270 inspiron_3470 inspiron_5301 vostro_3888 inspiron_660s latitude_5501 inspiron_5676 latitude_3570 vostro_15_5568 inspiron_5490 latitude_7389 precision_5820_tower vostro_3070 precision_7540 vostro_5502 inspiron_3268 inspiron_3655 inspiron_15_7560 vostro_5491 inspiron_3442 precision_m4700 inspiron_5491_aio latitude_5300 vostro_5501 inspiron_5348 latitude_7275 latitude_7390 inspiron_15_5567 precision_7920_xl_tower latitude_3580 g5_5590 inspiron_11-3162 inspiron_5494 g15_5510 latitude_5285_2-in-1 g7_7588 precision_3430_tower vostro_14-5459 vostro_20_3055 inspiron_3583 inspiron_7368 latitude_3350 inspiron_5390 optiplex_3050_aio inspiron_7472 latitude_5200 latitude_9410 inspiron_1122 chengming_3988 inspiron_3537 optiplex_9010 optiplex_fx170 inspiron_15_5566 optiplex_3050 inspiron_7500 optiplex_5080 optiplex_7010 latitude_3190 inspiron_5576 inspiron_5570 inspiron_5593 latitude_e5440 optiplex_5070 latitude_7310 optiplex_7070_ultra optiplex_780 xps_15_9570 latitude_5400 vostro_3671 latitude_7480 latitude_3400 latitude_3550 inspiron_3891 vostro_3490 optiplex_790 latitude_5285 precision_t5610 vostro_3491 latitude_7520 latitude_5550 precision_7720 precision_7750 latitude_5410 vostro_3268 vostro_3480 inspiron_7386 inspiron_7786 vostro_5090 inspiron_5480 alienware_m18xr2 latitude_14_rugged_extreme_7404 vostro_5410 vostro_3667 latitude_5280_mobile_thin_client latitude_7410 latitude_3590 optiplex_5060 inspiron_5577 latitude_7350 gaming_g3_3590 g5_5587 chengming_3977 xps_7590 vostro_470 precision_t3600 precision_7820_xl_tower inspiron_5591_2-in-1 latitude_5310_2-in-1 latitude_14_rugged_5414 inspiron_15_gaming_7577 optiplex_9030_aio inspiron_7391 chengming_3967 latitude_e7450 latitude_3340 precision_5520 inspiron_5300 precision_t7600 latitude_5290 vostro_5481 cheng_ming_3967 latitude_e7250 inspiron_15_5582_2-in-1 latitude_rugged_extreme_tablet_7220ex latitude_3180 inspiron_7590 latitude_12_7285 inspiron_15_gaming_7567 g5_5000 inspiron_5502 vostro_3890 vostro_3681 optiplex_3040 inspiron_15-5565 xps_15_9500 latitude_e7240 inspiron_7791 inspiron_660 latitude_5500 optiplex_5055_ryzen_apu alienware_asm100 optiplex_7070 optiplex_3020 vostro_3401 optiplex_5260_all-in-one precision_t5500 wyse_5470_all-in-one alienware_17_51m_r2 latitude_rugged_extreme_7424 vostro_3690 vostro_1450 inspiron_3847 precision_3431_tower inspiron_7306_2-in-1 latitude_5590 vostro_220s inspiron_one_2020 latitude_3189 latitude_e6430_atg precision_17_m5750 inspiron_7300_2-in-1 inspiron_5401 vostro_3670 precision_7740 g7_7500 inspiron_3421 latitude_e6430 latitude_5289 vostro_14_5468 optiplex_5055_a-serial optiplex_390 inspiron_5491_2-in-1 latitude_5488 vostro_3581 inspiron_7520 vostro_15_7580 optiplex_3060 inspiron_7700 inspiron_5485_2-in-1 inspiron_5770 precision_r5500 inspiron_5594 inspiron_5749 precision_3430_xl inspiron_3048 inspiron_7400 inspiron_5501 alienware_area_51 inspiron_3493 optiplex_3240_all-in-one latitude_5411 optiplex_7780_aio latitude_5310 inspiron_3668 dbutil dbutil Driver

CWE ID-CWE-782

Exposed IOCTL with Insufficient Access Control

CVE-2023-44285

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.51%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:31

Updated-02 Aug, 2024 | 19:59

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dd9900 dd6900 dp4400 PowerProtect DD

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2021-21518

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.56%

||

7 Day CHG~0.00%

Published-12 Mar, 2021 | 20:10

Updated-16 Sep, 2024 | 19:31

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs supportassist_client_promanage Dell SupportAssist Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2023-44283

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.07% / 20.95%

||

7 Day CHG~0.00%

Published-14 Feb, 2024 | 07:49

Updated-17 Oct, 2024 | 14:29

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist for Home PCs SupportAssist for Business PCs supportassist_for_business_pcs supportassist_for_home_pcs

CWE ID-CWE-284

Improper Access Control

CVE-2023-44292

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.04%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 09:22

Updated-14 Aug, 2024 | 18:08

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Vendor-Dell Inc.

Product-repository_manager Dell Repository Manager (DRM)repository_manager

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-269

Improper Privilege Management

CVE-2023-44277

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 24.41%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:05

Updated-02 Aug, 2024 | 19:59

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dd9900 dd6900 dp4400 PowerProtect DD

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-44289

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 11.12%

||

7 Day CHG~0.00%

Published-23 Nov, 2023 | 06:41

Updated-05 Jun, 2025 | 14:11

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Vendor-Dell Inc.

Product-command\|configure Dell Command Configure (DCC)

CWE ID-CWE-284

Improper Access Control

CVE-2023-43086

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 6.86%

||

7 Day CHG~0.00%

Published-23 Nov, 2023 | 06:27

Updated-02 Aug, 2024 | 19:37

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

Vendor-Dell Inc.

Product-command\|configure Dell Command Configure (DCC)

CWE ID-CWE-284

Improper Access Control

CVE-2023-43066

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.00% / 0.18%

||

7 Day CHG~0.00%

Published-23 Oct, 2023 | 15:00

Updated-11 Sep, 2024 | 14:06

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.

Vendor-Dell Inc.

Product-unity_operating_environment unityvsa_operating_environment unity_xt_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43068

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.34% / 56.06%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:16

Updated-19 Sep, 2024 | 18:51

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43072

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-4.4||MEDIUM

EPSS-0.03% / 8.22%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:47

Updated-19 Sep, 2024 | 18:35

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-284

Improper Access Control

CVE-2025-43882

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs