Lucene search

DellCVE-2024-25962

HistoryMar 27, 2024 - 11:15 a.m.

CVE-2024-25962

2024-03-2711:15:46

CWE-284

dell

web.nvd.nist.gov

dell insightiq version 5.0

access control

vulnerability

unauthorized access

monitoring data

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.

Affected configurations

Vulners

Node

dellinsightiqMatch5.0.0

VendorProductVersionCPE
dellinsightiq5.0.0cpe:2.3:a:dell:insightiq:5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	insightiq	5.0.0	cpe:2.3:a:dell:insightiq:5.0.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InsightIQ",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000223551/dsa-2024-134-security-update-for-dell-insightiq-for-proprietary-code-vulnerability

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-25962