Article Number: 000223508
DSA-2024-121: Security Update for Grab for Windows Vulnerabilities
Summary: Dell Grab for Windows remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25956 | Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2024-25957 | Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| CVE-2024-25958 | Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25956 | Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2024-25957 | Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| CVE-2024-25958 | Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-25956, CVE-2024-25957, CVE-2024-25958 | Grab for Windows | Versions prior to 5.0.5 | Version 5.0.5 | Solutions (dell.com) |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-25956, CVE-2024-25957, CVE-2024-25958 | Grab for Windows | Versions prior to 5.0.5 | Version 5.0.5 | Solutions (dell.com) |
Workarounds and Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2024-03-26 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Product Security Information
Last Published Date
26 Mar 2024
Article Type
Dell Security Advisory