Lucene search

[email protected]NVD:CVE-2024-37129

HistoryJul 31, 2024 - 9:15 a.m.

CVE-2024-37129

2024-07-3109:15:04

CWE-22

[email protected]

web.nvd.nist.gov

dell inventory collector

path traversal

vulnerability

arbitrary code execution

system security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.9%

JSON

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

Affected configurations

Nvd

Node

dellinventory_collectorRange<12.3.0.6

VendorProductVersionCPE
dellinventory_collector*cpe:2.3:a:dell:inventory_collector:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	inventory_collector	*	cpe:2.3:a:dell:inventory_collector::::::::

References

www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.9%

JSON

Related for NVD:CVE-2024-37129

cvelist1 cve1 vulnrichment1