Lucene search

DellVULNRICHMENT:CVE-2024-37129

HistoryJul 31, 2024 - 8:47 a.m.

CVE-2024-37129

2024-07-3108:47:57

CWE-22

dell

github.com

dell inventory collector

path traversal

vulnerability

arbitrary code execution

system

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

10.9%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Dell Inventory Collector",
    "versions": [
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "12.3.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "command_update",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.3.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "update",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.3.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "alienware_update",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.3.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "supportassist_for_home_pcs",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.3.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "supportassist_for_business_pcs",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.3.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

10.9%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-37129