Lucene search

DellCVE-2024-30473

HistoryJul 18, 2024 - 4:15 p.m.

CVE-2024-30473

2024-07-1816:15:06

CWE-269

dell

web.nvd.nist.gov

dell ecs

privilege elevation

user management

remote attacker

unauthorized access

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.3%

JSON

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.

Affected configurations

Vulners

Node

dellecs_streamerRange≤3.8.1.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ECS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.8.1.1",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2024-30473