#VU94829 Improper privilege management in EMC ECS - CVE-2024-30473

Cybersecurity Help s.r.o.

Published: 2024-07-29

Vulnerability identifier: #VU94829

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-30473

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
EMC ECS
Other software / Other software solutions

Vendor: Dell

Description

The vulnerability allows a remote privileged user to gaining access to unauthorized end points.

The vulnerability exists due to improper privilege management. A remote high privileged attacker can exploit this vulnerability, gaining access to unauthorized end points.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

EMC ECS: before 3.8.1

External links
https://www.dell.com/support/kbdoc/en-us/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell ECS