Lucene search

DellVULNRICHMENT:CVE-2024-39583

HistorySep 10, 2024 - 8:45 a.m.

CVE-2024-39583

2024-09-1008:45:15

CWE-327

dell

github.com

dell powerscale insightiq

cryptographic

vulnerability

elevation of privileges

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:powerscale_insightiq:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "powerscale_insightiq",
    "versions": [
      {
        "status": "affected",
        "version": "5.0",
        "versionType": "semver",
        "lessThanOrEqual": "5.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-39583