
Multiple Dell Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-32475 CVSS:4.7

Dell BIOS contains an out-of-bounds write vulnerability that could allow a local authenticated attacker to execute arbitrary code on the system.

CVE-2024-24908 CVSS:6.5

Dell PowerProtect DM5500 could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the API module. An attacker could send a specially crafted URL request containing "dot dot" sequences to read arbitrary files on the server filesystem with the privileges of the running web application.
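
As an added example (not from this advisory or from Dell), the following Python check flags "dot dot" sequences of the kind described for CVE-2024-24908 in web access logs, including percent-encoded and double-encoded forms. The log format, API paths, user names and addresses are constructed for illustration and are not the appliance's real endpoints.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by a slash, backslash or query delimiter.
DOTDOT_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\&]|$)')

MAX_DECODE_ROUNDS = 3  # covers single, double and triple percent-encoding


def has_traversal(target: str) -> bool:
    """Return True if the request target contains a '..' segment, checking
    the raw value and each successive percent-decoded form."""
    current = target
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if DOTDOT_RE.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            break
        current = decoded
    return False


def scan(lines):
    """Yield (client_ip, target) for log lines whose target has a traversal."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            yield line.split(" ", 1)[0], m.group("target")


# Constructed sample log lines (hypothetical paths, documentation-range IPs).
SAMPLE_LOG = [
    '192.0.2.10 - alice [15/Jun/2024:10:00:01 +0000] "GET /api/example/reports/summary.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - bob [15/Jun/2024:10:00:07 +0000] "GET /api/example/download?file=../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.44 - bob [15/Jun/2024:10:00:09 +0000] "GET /api/example/files/%2e%2e%2f%2e%2e%2fconf/app.yml HTTP/1.1" 404 0',
    '192.0.2.44 - bob [15/Jun/2024:10:00:11 +0000] "GET /api/example/files/%252e%252e%255cwindows HTTP/1.1" 400 0',
    '192.0.2.10 - alice [15/Jun/2024:10:00:15 +0000] "GET /api/example/files/release..notes.txt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"traversal sequence from {ip}: {target}")
```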

CVE-2024-32856 CVSS:5.1

Dell CPG BIOS could allow a local authenticated attacker to obtain sensitive information, caused by an improper input validation vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Gain Access
  • Obtain Information

Indicators of Compromise

CVE

  • CVE-2023-32475
  • CVE-2024-24908
  • CVE-2024-32856

Affected Vendors

Dell

Affected Products

  • Dell CPG BIOS
  • Dell PowerProtect Data Manager Appliance DM5500 5.15

Remediation

Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2023-32475

CVE-2024-24908

CVE-2024-32856