Vulnerability Details CVE-2024-22428
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 7.0
References
- https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities
Products affected by CVE-2024-22428
-
cpe:2.3:a:dell:emc_idrac_service_module:-
-
cpe:2.3:a:dell:emc_idrac_service_module:3.0.1
-
cpe:2.3:a:dell:emc_idrac_service_module:3.0.2
-
cpe:2.3:a:dell:emc_idrac_service_module:3.1.0
-
cpe:2.3:a:dell:emc_idrac_service_module:3.2.0
-
cpe:2.3:a:dell:emc_idrac_service_module:5.1.0.0
-
cpe:2.3:a:dell:emc_idrac_service_module:5.2.0.0