#VU100042 Insufficient Session Expiration in Storage Resource Manager - CVE-2024-47242


Vulnerability identifier: #VU100042

Vulnerability risk: Low

CVSSv4.0: 0.1 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47242

CWE-ID: CWE-613

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Storage Resource Manager
Other software / Other software solutions

Vendor: Dell

Description

The vulnerability allows an adjacent user to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration. An adjacent user can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Storage Resource Manager: before 5.0.2.0


External links
https://www.dell.com/support/kbdoc/nl-nl/000235152/dsa-2024-421-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

