June 30, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
DragonRank Campaign Targets European and Asian IIS Servers – Active IOCs
September 12, 2024Quad7 Botnet Expands Actively by Targeting VPN Appliances and SOHO Routers – Active IOCs
September 12, 2024DragonRank Campaign Targets European and Asian IIS Servers – Active IOCs
September 12, 2024Quad7 Botnet Expands Actively by Targeting VPN Appliances and SOHO Routers – Active IOCs
September 12, 2024
Severity
Medium
Analysis Summary
CVE-2024-39582 CVSS:2.3
Dell PowerScale InsightIQ could allow a remote attacker to obtain sensitive information, caused by use of hard coded credentials vulnerability. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2024-39574 CVSS:6.7
Dell PowerScale InsightIQ is vulnerable to a denial of service, caused by improper privilege management vulnerability. By persuading a victim to open a specially crafted file, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-39580 CVSS:6.7
Dell PowerScale InsightIQ could allow a remote authenticated attacker to gain elevated privileges on the system caused by improper access control vulnerability.
Impact
- Information Disclosure
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-39582
- CVE-2024-39574
- CVE-2024-39580
Affected Vendors
Dell
Affected Products
- Dell PowerScale InsightIQ 5.1
- Dell PowerScale InsightIQ 5.0
Remediation
Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.