Dell ThinOS Command Injection Vulnerability Leads to Unauthorized Command Execution
CVE-2024-53290

8.4HIGH

Key Information:

Vendor: Dell
Status: Thinos
Vendor: CVE Published:; 11 December 2024

Summary

A vulnerability exists in Dell ThinOS version 2408 that allows an unauthenticated attacker with local access to execute arbitrary commands through improper neutralization of special command elements, potentially compromising system integrity and security.

References

https://www.dell.com/support/kbdoc/en-us/000248475/dsa-20...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2024