Lucene search

DellVULNRICHMENT:CVE-2024-39581

HistorySep 10, 2024 - 8:49 a.m.

CVE-2024-39581

2024-09-1008:49:57

CWE-552

dell

github.com

dell powerscale insightiq

version 5.0-5.1

file access vulnerability

unauthenticated access

remote exploitation

arbitrary file manipulation

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:powerscale_insightiq:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "powerscale_insightiq",
    "versions": [
      {
        "status": "affected",
        "version": "5.0",
        "versionType": "semver",
        "lessThanOrEqual": "5.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39581