Lucene search

DellCVE-2024-25955

HistoryMar 28, 2024 - 7:15 p.m.

CVE-2024-25955

2024-03-2819:15:47

CWE-78

dell

web.nvd.nist.gov

dell

vapp manager

command injection

vulnerability

upgrade

9.2.4.9

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.6%

JSON

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Affected configurations

Vulners

Vulnrichment

Node

dellevasa_provider_virtual_applianceRange≤9.2.4.9

dellevasa_provider_virtual_applianceRange≤9.2.4.6

dellevasa_provider_virtual_applianceRange≤5978

VendorProductVersionCPE
dellevasa_provider_virtual_appliance*cpe:2.3:a:dell:evasa_provider_virtual_appliance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	evasa_provider_virtual_appliance	*	cpe:2.3:a:dell:evasa_provider_virtual_appliance::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Virtual Appliance (vApp) Manager",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "9.2.4.9",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "9.2.4.6",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "5978",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-25955