Authentication Bypass Vulnerability in Dell ECS

CVE-2024-52534

5.4MEDIUM

Key Information

Vendor: Dell
Status: Ecs
Vendor: CVE Published:; 25 December 2024

Summary

Dell ECS is affected by an authentication bypass vulnerability that allows low-privileged attackers with remote access to exploit session information through a capture-replay mechanism. This could potentially lead to unauthorized access to user sessions, raising significant security concerns for organizations utilizing this storage solution. It is crucial for users of Dell ECS to apply the latest updates and patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

ECS < 3.8.1.3

References

https://www.dell.com/support/kbdoc/en-us/000256642/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 25, 2024
Vulnerability Reserved
Nov 12, 2024

Collectors

NVD DatabaseMitre Database