CVE-2024-47475 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
dell	CNA	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
dell	powerscale_onefs	8.2.2 ≤ 𝑥 < 9.4.0.20
dell	powerscale_onefs	9.5.0.0 ≤ 𝑥 ≤ 9.5.0.8
dell	powerscale_onefs	9.6.0 ≤ 𝑥 ≤ 9.7.0.3
dell	powerscale_onefs	9.8.0.0 ≤ 𝑥 ≤ 9.8.0.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://www.dell.com/support/kbdoc/en-us/000242681/dsa-2024-417-security-update-for-dell-powerscale-onefs-for-security-vulnerability