Back

CVE-2024-28962

Aug. 6, 2024, 4:30 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Dell Command | Update

  • before 5.4

Dell Update

  • before 5.4

Alienware Update UWP

  • before 5.4

Source

security_alert@emc.com

Tags

security_alert@emc.com
CWE-610
2024-08-06
CVE-2024-28962

CVE-2024-28962 details

Published : Aug. 6, 2024, 4:16 a.m.
Last Modified : Aug. 6, 2024, 4:30 p.m.

Description

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS Score

1 2 3 4 5 6.5 7 8 9 10

Weakness

Weakness Name Description
CWE-610 Externally Controlled Reference to a Resource in Another Sphere The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.5

Exploitability Score

3.9

Impact Score

2.5

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References

URL Source
https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169 security_alert@emc.com
This website uses the NVD API, but is not approved or certified by it.