Impact
High
Details
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-28964 | Dell Common Event Enabler, version 8.9.10.0 and prior, contains an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged-in user. Exploitation of this issue requires a victim to open a malicious file. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Dell would like to thank Jakub Brzozowski (redfr0g) for reporting this issue.
Workarounds and Mitigations
CVE ID | Workaround and Mitigation |
---|---|
CVE-2024-28964 | To mitigate the threat, it is recommended that the user not load .cavac files that cannot be trusted. Additionally, do not run CAVATool as an admin user; always run the tool as a low-privileged user. |
Revision History
Revision | Date | Description |
---|---|---|
1.0 | 2024-04-30 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide