Vulnerability Details CVE-2024-28964
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.4%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities
Products affected by CVE-2024-28964
-
cpe:2.3:a:dell:common_event_enabler:-
-
cpe:2.3:a:dell:common_event_enabler:8.9.10.0
-
cpe:2.3:a:dell:common_event_enabler:8.9.8.2
-
cpe:2.3:a:dell:common_event_enabler:8.9.9.0