December 16, 2024
Severity
High
Analysis Summary
CVE-2024-52538 CVSS:7.6
Dell Avamar version 19.9 contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to script injection.
CVE-2024-47484 CVSS:8.2
Dell Avamar version 19.9 contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to command execution.
CVE-2024-47977 CVSS:7.1
Dell Avamar version 19.9 contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.
CVE-2024-53289 CVSS:7.8
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2024-53290 CVSS:8.4
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-24902 CVSS:6.6
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper Access Control vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to access to unauthorized data for a limited time.
Impact
- Gain Access
- Data Manipulation
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-52538
- CVE-2024-47484
- CVE-2024-47977
- CVE-2024-53289
- CVE-2024-53290
- CVE-2024-24902
Affected Vendors
- Dell
Affected Products
- Dell Avamar Version 19.9
- Dell ThinOS Version 2408
- Dell RecoverPoint for Virtual Machines 6.0.x
Remediation
Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.