Lucene search

DellCVELIST:CVE-2024-39576

HistoryAug 22, 2024 - 2:54 a.m.

CVE-2024-39576

2024-08-2202:54:05

CWE-266

dell

www.cve.org

dell power manager

privilege assignment

code execution

elevation of privileges

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Power Manager (DPM)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.16.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000227010/dsa-2024-323

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-39576