Lucene search

DellVULNRICHMENT:CVE-2024-39582

HistorySep 10, 2024 - 9:04 a.m.

CVE-2024-39582

2024-09-1009:04:50

CWE-798

dell

github.com

dell powerscale insightiq

version 5.0

use of hard coded credentials

vulnerability

high privileged attacker

local access

information disclosure

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

References

www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39582