Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

CVE-2024-0197 (GCVE-0-2024-0197)

Vulnerability from cvelistv5 – Published: 2024-02-27 12:48 – Updated: 2024-08-09 15:26
VLAI
Title
Privilege Escalation in Thales SafeNet Sentinel HASP LDK
Summary
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Thales Sentinel HASP LDK Affected: 0 , < 9.16 (9.16)
Create a notification for this product.
thalesgroup safenet_sentinel_hasp Affected: 0 , < 9.16 (custom)
    cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:*
Create a notification for this product.
thalesgroup safenet_sentinel_ldk Affected: 0 , ≤ 9.16 (custom)
    cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-02-15 23:00
Credits
Julian Horoszkiewicz (Eviden Red Team)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.thalesgroup.com"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "safenet_sentinel_hasp",
            "vendor": "thalesgroup",
            "versions": [
              {
                "lessThan": "9.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "safenet_sentinel_ldk",
            "vendor": "thalesgroup",
            "versions": [
              {
                "lessThanOrEqual": "9.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0197",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T17:56:38.989974Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:26:44.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Sentinel HASP LDK",
          "vendor": "Thales",
          "versions": [
            {
              "lessThan": "9.16",
              "status": "affected",
              "version": "0",
              "versionType": "9.16"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Julian Horoszkiewicz (Eviden Red Team)"
        }
      ],
      "datePublic": "2024-02-15T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
            }
          ],
          "value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-27T12:48:13.263Z",
        "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "shortName": "THA-PSIRT"
      },
      "references": [
        {
          "url": "https://supportportal.thalesgroup.com"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Thales Sentinel LDK version 9.16.\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to Thales Sentinel LDK version 9.16.\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Escalation in Thales SafeNet Sentinel HASP LDK",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
    "assignerShortName": "THA-PSIRT",
    "cveId": "CVE-2024-0197",
    "datePublished": "2024-02-27T12:48:13.263Z",
    "dateReserved": "2024-01-02T15:23:33.572Z",
    "dateUpdated": "2024-08-09T15:26:44.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0172 (GCVE-0-2024-0172)

Vulnerability from cvelistv5 – Published: 2024-04-03 09:09 – Updated: 2024-08-20 20:30
VLAI
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Dell PowerEdge Platform Affected: N/A , < 1.5.6 (semver)
Affected: N/A , < 1.1.3 (semver)
Affected: N/A , < 1.1.4 (semver)
Affected: N/A , < 1.2.5 (semver)
Affected: N/A , < 1.3.6 (semver)
Affected: N/A , < 1.4.6 (semver)
Affected: N/A , < 1.11.2 (semver)
Affected: N/A , < 1.7.3 (semver)
Affected: N/A , < 1.12.1 (semver)
Affected: N/A , < 2.12.4 (semver)
Affected: N/A , < 2.19.1 (semver)
Affected: N/A , < 2.19.0 (semver)
Affected: N/A , < 2.14.1 (semver)
Affected: N/A , < 1.20.0 (semver)
Create a notification for this product.
dell poweredge_r660_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r760_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_c6620_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_mx760c_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r860_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r960_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_hs5610_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_hs5620_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r660xs_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r760xs_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r760xd2_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t560_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r760xa_firmware Affected: 0 , < 1.1.3 (custom)
    cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe9680_firmware Affected: 0 , < 1.1.3 (custom)
    cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr5610_firmware Affected: 0 , < 1.1.4 (custom)
    cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr8620t_firmware Affected: 0 , < 1.1.3 (custom)
    cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr7620_firmware Affected: 0 , < 1.5.6 (custom)
    cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe8640_firmware Affected: 0 , < 1.2.5 (custom)
    cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe9640_firmware Affected: 0 , < 1.3.6 (custom)
    cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r6615_firmware Affected: 0 , < 1.4.6 (custom)
    cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r7615_firmware Affected: 0 , < 1.4.6 (custom)
    cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r6625_firmware Affected: 0 , < 1.4.6 (custom)
    cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r7625_firmware Affected: 0 , < 1.4.6 (custom)
    cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r650_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r750_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r750xa_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_c6520_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_mx750c_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r550_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r450_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r650xs_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r750xs_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t550_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr11_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr12_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t150_firmware Affected: 0 , < 1.7.3 (custom)
    cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t350_firmware Affected: 0 , < 1.7.3 (custom)
    cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r250_firmware Affected: 0 , < 1.7.3 (custom)
    cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r350_firmware Affected: 0 , < 1.7.3 (custom)
    cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr4510c_firmware Affected: 0 , < 1.12.1 (custom)
    cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr4520c_firmware Affected: 0 , < 1.12.1 (custom)
    cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r6515_firmware Affected: 0 , < 2.12.4 (custom)
    cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r6525_firmware Affected: 0 , < 2.12.4 (custom)
    cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r7515_firmware Affected: 0 , < 2.12.4 (custom)
    cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r7525_firmware Affected: 0 , < 2.12.4 (custom)
    cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_c6525_firmware Affected: 0 , < 2.12.4 (custom)
    cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe8545_firmware Affected: 0 , < 2.12.4 (custom)
    cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r740_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r740xd_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r640_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r940_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r540_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r440_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t440_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xr2_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r740xd2_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r840_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r940xa_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t640_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_c6420_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_fc640_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_m640_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_mx740c_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_mx840c_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_c4140_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe2420_firmware Affected: 0 , < 2.19.0 (custom)
    cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe7420_firmware Affected: 0 , < 2.19.0 (custom)
    cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_xe7440_firmware Affected: 0 , < 2.19.0 (custom)
    cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t140_firmware Affected: 0 , < 2.14.1 (custom)
    cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_t340_firmware Affected: 0 , < 2.14.1 (custom)
    cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r240_firmware Affected: 0 , < 2.14.1 (custom)
    cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r340_firmware Affected: 0 , < 2.14.1 (custom)
    cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r6415_firmware Affected: 0 , < 1.20.0 (custom)
    cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r7415_firmware Affected: 0 , < 1.20.0 (custom)
    cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell poweredge_r7425_firmware Affected: 0 , < 1.20.0 (custom)
    cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell emc_storage_nx3240_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell emc_storage_nx3340_firmware Affected: 0 , < 2.19.1 (custom)
    cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell emc_xc_core_xc450_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell emc_xc_core_xc650_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell emc_xc_core_xc750_firmware Affected: 0 , < 1.11.2 (custom)
    cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-02 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r660_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r760_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_c6620_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_mx760c_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r860_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r960_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_hs5610_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_hs5620_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r660xs_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r760xs_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r760xd2_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t560_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r760xa_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe9680_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr5610_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.1.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr8620t_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr7620_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe8640_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.2.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe9640_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.3.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r6615_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r7615_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r6625_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r7625_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r650_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r750_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r750xa_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_c6520_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_mx750c_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r550_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r450_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r650xs_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r750xs_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t550_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr11_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr12_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t150_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.7.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t350_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.7.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r250_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.7.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r350_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.7.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr4510c_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.12.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr4520c_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.12.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r6515_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r6525_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r7515_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r7525_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_c6525_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe8545_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r740_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r740xd_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r640_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r940_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r540_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r440_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t440_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xr2_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r740xd2_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r840_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r940xa_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t640_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_c6420_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_fc640_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_m640_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_mx740c_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_mx840c_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_c4140_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe2420_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe7420_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_xe7440_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t140_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.14.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_t340_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.14.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r240_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.14.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r340_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.14.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r6415_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.20.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r7415_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.20.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "poweredge_r7425_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.20.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "emc_storage_nx3240_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "emc_storage_nx3340_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.19.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "emc_xc_core_xc450_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "emc_xc_core_xc650_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "emc_xc_core_xc750_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0172",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T04:01:19.460976Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T20:30:48.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.5.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.5",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.3.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.4.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.19.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-02T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
            }
          ],
          "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-03T09:09:18.449Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-0172",
    "datePublished": "2024-04-03T09:09:18.449Z",
    "dateReserved": "2023-12-14T05:35:36.325Z",
    "dateUpdated": "2024-08-20T20:30:48.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0097 (GCVE-0-2024-0097)

Vulnerability from cvelistv5 – Published: 2024-05-09 22:16 – Updated: 2024-08-01 17:41
VLAI
Title
CVE
Summary
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
nvidia ChatRTX Affected: All versions prior to and including 0.2.1
Create a notification for this product.
nvidia chatrtx Affected: 0 , ≤ 0.2.1 (custom)
    cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chatrtx",
            "vendor": "nvidia",
            "versions": [
              {
                "lessThanOrEqual": "0.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0097",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T16:48:39.489651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:05:37.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ChatRTX",
          "vendor": "nvidia",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to and including 0.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
            }
          ],
          "value": "NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure, escalation of privileges, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T22:16:43.481Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2024-0097",
    "datePublished": "2024-05-09T22:16:43.481Z",
    "dateReserved": "2023-12-02T00:42:06.849Z",
    "dateUpdated": "2024-08-01T17:41:15.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0096 (GCVE-0-2024-0096)

Vulnerability from cvelistv5 – Published: 2024-05-09 22:16 – Updated: 2024-08-01 17:41
VLAI
Title
CVE
Summary
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
nvidia ChatRTX Affected: All versions prior to and including 0.2.1
Create a notification for this product.
nvidia chatrtx Affected: 0 , ≤ 0.2.1 (custom)
    cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chatrtx",
            "vendor": "nvidia",
            "versions": [
              {
                "lessThanOrEqual": "0.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T16:53:17.080134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:05:23.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ChatRTX",
          "vendor": "nvidia",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to and including 0.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
            }
          ],
          "value": "NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure, escalation of privileges, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T22:16:43.086Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2024-0096",
    "datePublished": "2024-05-09T22:16:43.086Z",
    "dateReserved": "2023-12-02T00:42:05.784Z",
    "dateUpdated": "2024-08-01T17:41:15.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0082 (GCVE-0-2024-0082)

Vulnerability from cvelistv5 – Published: 2024-04-08 22:00 – Updated: 2024-08-01 17:41
VLAI
Title
CVE
Summary
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
nvidia ChatRTX Affected: 0.2 and prior versions
Create a notification for this product.
nvidia chatrtx Affected: 0 , ≤ 0.2 (custom)
    cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chatrtx",
            "vendor": "nvidia",
            "versions": [
              {
                "lessThanOrEqual": "0.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0082",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T16:54:08.246544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:05:04.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5532"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ChatRTX",
          "vendor": "nvidia",
          "versions": [
            {
              "status": "affected",
              "version": "0.2 and prior versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering"
            }
          ],
          "value": "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation, information disclosure, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-08T22:00:35.763Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5532"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2024-0082",
    "datePublished": "2024-04-08T22:00:35.763Z",
    "dateReserved": "2023-12-02T00:41:53.225Z",
    "dateUpdated": "2024-08-01T17:41:16.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0003 (GCVE-0-2024-0003)

Vulnerability from cvelistv5 – Published: 2024-09-23 17:27 – Updated: 2024-09-24 13:28
VLAI
Summary
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
URL Tags
https://purestorage.com/security vendor-advisory
Impacted products
Vendor Product Version
PureStorage FlashArray Affected: 5.3.17 , ≤ 5.3.21 (custom)
Affected: 6.1.8 , ≤ 6.1.25 (custom)
Affected: 6.0.7 , ≤ 6.0.9 (custom)
Affected: 6.2.0 , ≤ 6.2.17 (custom)
Affected: 6.3.0 , ≤ 6.3.14 (custom)
Affected: 6.4.0 , ≤ 6.4.10 (custom)
Affected: 6.5.0 (custom)
Create a notification for this product.
purestorage flasharray Affected: 5.3.17 , ≤ 5.3.21 (custom)
Affected: 6.0.7 , ≤ 6.0.9 (custom)
Affected: 6.1.8 , ≤ 6.1.25 (custom)
Affected: 6.2.0 , ≤ 6.2.17 (custom)
Affected: 6.3.0 , ≤ 6.3.14 (custom)
Affected: 6.4.0 , ≤ 6.4.10 (custom)
Affected: 6.5.0
    cpe:2.3:a:purestorage:flasharray:5.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:purestorage:flasharray:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:purestorage:flasharray:6.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flasharray:5.3.17:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.0.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.1.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flasharray",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "5.3.21",
                "status": "affected",
                "version": "5.3.17",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.0.9",
                "status": "affected",
                "version": "6.0.7",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.1.25",
                "status": "affected",
                "version": "6.1.8",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.2.17",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.3.14",
                "status": "affected",
                "version": "6.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.4.10",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "6.5.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:17:50.484476Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T13:28:44.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Purity"
          ],
          "product": "FlashArray",
          "vendor": "PureStorage",
          "versions": [
            {
              "lessThanOrEqual": "5.3.21",
              "status": "affected",
              "version": "5.3.17",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.25",
              "status": "affected",
              "version": "6.1.8",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.2.17",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.3.14",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-23T17:34:27.686Z",
        "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "shortName": "PureStorage"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://purestorage.com/security"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity  releases:\n\n  *  Purity//FA versions 6.3.15 or later \n  *  Purity//FA versions 6.5.1 or later \n  *  Purity//FA versions 6.6.1 or later."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
    "assignerShortName": "PureStorage",
    "cveId": "CVE-2024-0003",
    "datePublished": "2024-09-23T17:27:30.114Z",
    "dateReserved": "2023-11-01T17:10:16.737Z",
    "dateUpdated": "2024-09-24T13:28:44.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-53908 (GCVE-0-2023-53908)

Vulnerability from cvelistv5 – Published: 2025-12-17 22:44 – Updated: 2026-04-07 14:07
VLAI
Title
HiSecOS 04.0.01 Privilege Escalation via User Role Modification
Summary
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Belden HiSecOS Affected: 04.0.01
Create a notification for this product.
Date Public
2023-06-21 00:00
Credits
dreizehnutters
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-53908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T14:51:21.277692Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:04:52.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HiSecOS",
          "vendor": "Belden",
          "versions": [
            {
              "status": "affected",
              "version": "04.0.01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "dreizehnutters"
        }
      ],
      "datePublic": "2023-06-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.\u003c/p\u003e"
            }
          ],
          "value": "HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:07:30.168Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-51537",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/51537"
        },
        {
          "name": "Official Product Webpage",
          "tags": [
            "product"
          ],
          "url": "https://www.belden.com/products/industrial-networking-cybersecurity/software-solutions/device-software/hisecos-firewall-software"
        },
        {
          "name": "VulnCheck Advisory: HiSecOS 04.0.01 Privilege Escalation via User Role Modification",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/hisecos-privilege-escalation-via-user-role-modification"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HiSecOS 04.0.01 Privilege Escalation via User Role Modification",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-53908",
    "datePublished": "2025-12-17T22:44:46.403Z",
    "dateReserved": "2025-12-16T19:22:09.994Z",
    "dateUpdated": "2026-04-07T14:07:30.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52716 (GCVE-0-2023-52716)

Vulnerability from cvelistv5 – Published: 2024-04-07 09:01 – Updated: 2024-09-13 15:09
VLAI
Summary
Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 4.0.0
Affected: 3.1.0
Affected: 3.0.0
Affected: 2.1.0
Affected: 2.0.0
Create a notification for this product.
Huawei EMUI Affected: 13.0.0
Affected: 12.0.0
Create a notification for this product.
huawei emui Affected: 12.0.0
Affected: 13.0.0
    cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Create a notification for this product.
huawei harmonyos Affected: 2.0.0
Affected: 2.1.0
Affected: 3.0.0
Affected: 3.1.0
Affected: 4.0.0
    cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "emui",
            "vendor": "huawei",
            "versions": [
              {
                "status": "affected",
                "version": "12.0.0"
              },
              {
                "status": "affected",
                "version": "13.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "harmonyos",
            "vendor": "huawei",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.0"
              },
              {
                "status": "affected",
                "version": "2.1.0"
              },
              {
                "status": "affected",
                "version": "3.0.0"
              },
              {
                "status": "affected",
                "version": "3.1.0"
              },
              {
                "status": "affected",
                "version": "4.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52716",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T19:05:03.166002Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-13T15:09:48.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EMUI",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
            }
          ],
          "value": "Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.\nImpact: Successful exploitation of this vulnerability will affect availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-07T09:01:32.933Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"
        },
        {
          "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2023-52716",
    "datePublished": "2024-04-07T09:01:32.933Z",
    "dateReserved": "2024-03-27T03:37:42.326Z",
    "dateUpdated": "2024-09-13T15:09:48.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52543 (GCVE-0-2023-52543)

Vulnerability from cvelistv5 – Published: 2024-04-08 08:49 – Updated: 2024-11-07 16:03
VLAI
Summary
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 4.0.0
Affected: 3.1.0
Affected: 3.0.0
Affected: 2.1.0
Affected: 2.0.0
Create a notification for this product.
Huawei EMUI Affected: 13.0.0
Affected: 12.0.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52543",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T19:39:59.047820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T16:03:30.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.786Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://consumer.huawei.com/en/support/bulletin/2024/3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EMUI",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Permission verification vulnerability in the system module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability will affect availability."
            }
          ],
          "value": "Permission verification vulnerability in the system module.\nImpact: Successful exploitation of this vulnerability will affect availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-08T08:49:44.807Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2024/3/"
        },
        {
          "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2023-52543",
    "datePublished": "2024-04-08T08:49:44.807Z",
    "dateReserved": "2024-02-27T03:41:51.381Z",
    "dateUpdated": "2024-11-07T16:03:30.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52209 (GCVE-0-2023-52209)

Vulnerability from cvelistv5 – Published: 2024-08-01 21:04 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability
Summary
Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
WPForms, LLC. WPForms User Registration Affected: n/a , ≤ 2.1.0 (custom)
Create a notification for this product.
wpforms wpforms_user_registration Affected: 0 , ≤ 2.1.0 (custom)
    cpe:2.3:a:wpforms:wpforms_user_registration:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wpforms:wpforms_user_registration:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wpforms_user_registration",
            "vendor": "wpforms",
            "versions": [
              {
                "lessThanOrEqual": "2.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T14:14:10.799081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:41:56.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WPForms User Registration",
          "vendor": "WPForms, LLC.",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.\u003cp\u003eThis issue affects WPForms User Registration: from n/a through 2.1.0.\u003c/p\u003e"
            }
          ],
          "value": "Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:06.981Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wpforms-user-registration/wordpress-wpforms-user-registration-plugin-2-1-0-authenticated-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 2.1.2 or a higher version."
            }
          ],
          "value": "Update to 2.1.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress WPForms User Registration plugin \u003c= 2.1.0 - Authenticated Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-52209",
    "datePublished": "2024-08-01T21:04:10.671Z",
    "dateReserved": "2023-12-29T12:26:03.424Z",
    "dateUpdated": "2026-04-28T16:09:06.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.