CVE-2024-37129

EUVD-2024-36451
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
dellinventory_collector
𝑥
< 12.3.0.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellcommand_update
𝑥
< 12.3.0.6
ADP
dellupdate
𝑥
< 12.3.0.6
ADP
dellalienware_update
𝑥
< 12.3.0.6
ADP
dellsupportassist_for_home_pcs
𝑥
< 12.3.0.6
ADP
dellsupportassist_for_business_pcs
𝑥
< 12.3.0.6
ADP
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263