Lucene search

DellVULNRICHMENT:CVE-2024-30472

HistoryJun 13, 2024 - 11:11 a.m.

CVE-2024-30472

2024-06-1311:11:45

CWE-200

dell

github.com

telemetry dashboard

dell thinos 2402

information disclosure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Wyse 5070 Thin Client",
    "versions": [
      {
        "status": "affected",
        "version": "Telemetry Dashboard v1.0.0.8 on Thin OS 2402"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-30472