Lucene search

DellVULNRICHMENT:CVE-2024-25962

HistoryMar 27, 2024 - 10:37 a.m.

CVE-2024-25962

2024-03-2710:37:43

CWE-284

dell

github.com

dell

insightiq

version 5.0

access control

vulnerability

remote attacker

monitoring data

unauthorized access

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "InsightIQ",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000223551/dsa-2024-134-security-update-for-dell-insightiq-for-proprietary-code-vulnerability

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-25962