History: Apr 12, 2024 - 4:59 p.m.

CVE-2024-0157

2024-04-12 16:59:51
CWE-400
dell
www.cve.org
Tags: dell, storage resource manager, session fixation, vulnerability, cve-2024-0157, srm windows host agent, hijack, application session, unauthenticated attacker, adjacent network

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 5.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.2%)

Dell Storage Resource Manager, 4.9.0.0 and below, contains a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user’s application session.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Storage Resource Manager",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.0.0.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]
