CVE-2024-37143

CVSS 10 CRITICALEPSS 0.8%CWE-59

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 10EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

10 dic 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Dell · Dell Data Lakehouse Dell · Dell InsightIQ Dell · Dell PowerFlex appliance Dell · Dell PowerFlex custom node Dell · Dell PowerFlex rack

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities