Multiple Juniper Networks Products Vulnerabilities
January 6, 2025PLAYFULGHOST Infects VPN Apps through Phishing and SEO Poisoning
January 6, 2025Multiple Juniper Networks Products Vulnerabilities
January 6, 2025PLAYFULGHOST Infects VPN Apps through Phishing and SEO Poisoning
January 6, 2025Severity
Medium
Analysis Summary
CVE-2024-52534 CVSS:5.4
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.
CVE-2024-53291 CVSS:7.5
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-47978 CVSS:7.8
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2024-52543 CVSS:6.5
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-52535 CVSS:7.1
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.
CVE-2024-51532 CVSS:7.1
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
CVE-2024-47480 CVSS:7.8
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.
CVE-2024-52542 CVSS:4.4
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.
Impact
- Security Bypass
- Information Disclosure
- Privilege Escalation
- Data Manipulation
Indicators of Compromise
CVE
- CVE-2024-52534
- CVE-2024-53291
- CVE-2024-47978
- CVE-2024-52543
- CVE-2024-52535
- CVE-2024-51532
- CVE-2024-47480
- CVE-2024-52542
Affected Vendors
Affected Products
- Dell ECS 3.8.1.3
- Dell NativeEdge 2.1.0.0
- Dell SupportAssist for Home PCs 4.6.1
- Dell SupportAssist for Business PCs 4.5.0
- Dell PowerStore
- Dell Inventory Collector Client 12.7.0
- Dell AppSync 4.6.0.x
Remediation
Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.