Authentication Bypass Vulnerability in Dell ECS
CVE-2024-52534

5.4MEDIUM

Key Information:

Vendor: Dell
Status: Ecs
Vendor: CVE Published:; 25 December 2024

What is CVE-2024-52534?

Dell ECS is affected by an authentication bypass vulnerability that allows low-privileged attackers with remote access to exploit session information through a capture-replay mechanism. This could potentially lead to unauthorized access to user sessions, raising significant security concerns for organizations utilizing this storage solution. It is crucial for users of Dell ECS to apply the latest updates and patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

ECS < 3.8.1.3

References

https://www.dell.com/support/kbdoc/en-us/000256642/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 25, 2024
Vulnerability Reserved
Nov 12, 2024