Lucene search

[email protected]NVD:CVE-2024-24908

HistoryMay 08, 2024 - 4:15 p.m.

CVE-2024-24908

2024-05-0816:15:08

CWE-22

[email protected]

web.nvd.nist.gov

dell powerprotect dm5500

arbitrary file delete

path traversal

remote attacker

high privileges

server filesystem

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

10.7%

JSON

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.

References

www.dell.com/support/kbdoc/en-us/000224843/dsa-2024-083-security-update-for-dell-powerprotect-data-manager-appliance-for-multiple-vulnerabilities

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

10.7%

JSON

Related for NVD:CVE-2024-24908

cvelist1 cve1