CVE-2024-51532

Published: Dec 19, 2024Modified: Jan 29, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Affected (1)

Products: Dell: Powerstoreos

Dell

1 product

Powerstoreos

Configuration A

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Dell Powerstoreos	Before 4.0.1.0-2408234

Running on/with	Platform Versions
Dell Powerstore 1000t	All versions
Dell Powerstore 1200t	All versions
Dell Powerstore 3000t	All versions
Dell Powerstore 3200q	All versions
Dell Powerstore 3200t	All versions
Dell Powerstore 5000t	All versions
Dell Powerstore 500t	All versions
Dell Powerstore 5200t	All versions
Dell Powerstore 7000t	All versions
Dell Powerstore 9000t	All versions
Dell Powerstore 9200t	All versions

Related CWEs

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (1)

https://www.dell.com/support/kbdoc/en-ie/000250483/dsa-2024-462-dell-powerstore-t-security-update-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.