Lucene search

DellCVELIST:CVE-2024-30473

HistoryJul 18, 2024 - 3:39 p.m.

CVE-2024-30473

2024-07-1815:39:10

CWE-269

dell

www.cve.org

dell ecs

privilege elevation

user management

remote attacker

unauthorized end points

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.3%

JSON

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ECS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.8.1.1",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.3%

JSON

Related for CVELIST:CVE-2024-30473