Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions.
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.
Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity.
Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.
Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.