Request a Demo
Rewterz
Multiple Juniper Networks Products Vulnerabilities
January 6, 2025
Rewterz
PLAYFULGHOST Infects VPN Apps through Phishing and SEO Poisoning
January 6, 2025

Multiple Dell Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-52534 CVSS:5.4

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.

CVE-2024-53291 CVSS:7.5

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2024-47978 CVSS:7.8

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVE-2024-52543 CVSS:6.5

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2024-52535 CVSS:7.1

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

CVE-2024-51532 CVSS:7.1

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

CVE-2024-47480 CVSS:7.8

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

CVE-2024-52542 CVSS:4.4

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.

Impact

  • Security Bypass
  • Information Disclosure
  • Privilege Escalation
  • Data Manipulation

Indicators of Compromise

CVE

  • CVE-2024-52534
  • CVE-2024-53291
  • CVE-2024-47978
  • CVE-2024-52543
  • CVE-2024-52535
  • CVE-2024-51532
  • CVE-2024-47480
  • CVE-2024-52542

Affected Vendors

Dell

Affected Products

  • Dell ECS 3.8.1.3
  • Dell NativeEdge 2.1.0.0
  • Dell SupportAssist for Home PCs 4.6.1
  • Dell SupportAssist for Business PCs 4.5.0
  • Dell PowerStore
  • Dell Inventory Collector Client 12.7.0
  • Dell AppSync 4.6.0.x

Remediation

Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-52534

CVE-2024-53291

CVE-2024-47978

CVE-2024-52543

CVE-2024-52535

CVE-2024-51532

CVE-2024-47480

CVE-2024-52542