September 2, 2024
Severity
Medium
Analysis Summary
CVE-2024-38483 CVSS:5.6
Dell BIOS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an insecure deserialization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38304 CVSS:3.8
Dell PowerEdge Server could allow a local authenticated attacker to obtain sensitive information, caused by an access of a memory location after the end of a buffer. An attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-38483
- CVE-2024-38304
Affected Vendors
Affected Products
- Dell Latitude 5290 2-in-1
- Dell PowerEdge R740 - 2.22.0
- Dell PowerEdge R740XD - 2.22.0
Remediation
Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.