Lucene search

DellVULNRICHMENT:CVE-2024-0155

HistoryMar 04, 2024 - 1:00 p.m.

CVE-2024-0155

2024-03-0413:00:46

CWE-416

dell

github.com

cve-2024-0155

dell digital delivery

use after free

vulnerability

local attacker

arbitrary code

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:digital_delivery:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "digital_delivery",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.2.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-0155