Lucene search

DellCVELIST:CVE-2024-25962

HistoryMar 27, 2024 - 10:37 a.m.

CVE-2024-25962

2024-03-2710:37:43

CWE-284

dell

www.cve.org

dell insightiq

version 5.0

improper access control

vulnerability

remote attacker

unauthorized access

monitoring data

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InsightIQ",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000223551/dsa-2024-134-security-update-for-dell-insightiq-for-proprietary-code-vulnerability

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-25962