Dell: Security Vulnerabilities
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVSS Score
5.4
EPSS Score
0.02
Published
2024-06-13
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVSS Score
5.4
EPSS Score
0.02
Published
2024-06-13
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVSS Score
5.4
EPSS Score
0.02
Published
2024-06-13
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-06-13
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-06-13
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-06-13
Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.
CVSS Score
7.5
EPSS Score
0.013
Published
2024-06-13
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS Score
5.1
EPSS Score
0.0
Published
2024-06-13
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-12
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-06-12