Lucene search

DellCVELIST:CVE-2024-37129

HistoryJul 31, 2024 - 8:47 a.m.

CVE-2024-37129

2024-07-3108:47:57

CWE-22

dell

www.cve.org

dell inventory collector

path traversal

arbitrary code execution

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

10.9%

JSON

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Inventory Collector",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "12.3.0.6",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

10.9%

JSON

Related for CVELIST:CVE-2024-37129