Products
Dell Command | Update
- before 5.4
Dell Update
- before 5.4
Alienware Update UWP
- before 5.4
Source
security_alert@emc.com
Tags
CVE-2024-28962 details
Last Modified : Aug. 6, 2024, 4:30 p.m.
Description
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.5 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
Base Score
6.5
Exploitability Score
3.9
Impact Score
2.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References
URL | Source |
---|---|
https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169 | security_alert@emc.com |