Dell Alienware Command Center up to 5.7.3.0 insufficient isolation of symbolic constant definitions
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Dell Alienware Command Center up to 5.7.3.0. The affected element is an unknown function. Executing a manipulation can lead to insufficient isolation of symbolic constant definitions. The identification of this vulnerability is CVE-2024-38301. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.
Details
A vulnerability was found in Dell Alienware Command Center up to 5.7.3.0. It has been declared as critical. This vulnerability affects an unknown code block. The manipulation with an unknown input leads to a insufficient isolation of symbolic constant definitions vulnerability. The CWE definition for the vulnerability is CWE-1107. The source code uses symbolic constants, but it does not
sufficiently place the definitions of these constants into a more centralized or
isolated location. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
The advisory is shared for download at dell.com. This vulnerability was named CVE-2024-38301 since 06/13/2024. The exploitation appears to be difficult. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available.
Upgrading to version 5.8.2.0 eliminates this vulnerability.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.dell.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.2VulDB Meta Temp Score: 7.1
VulDB Base Score: 7.0
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 6.7
CNA Vector (dell): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Insufficient isolation of symbolic constant definitionsCWE: CWE-1107
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Alienware Command Center 5.8.2.0
Timeline
06/13/2024 🔍07/10/2024 🔍
07/10/2024 🔍
08/09/2024 🔍
Sources
Vendor: dell.comAdvisory: dsa-2024-258
Status: Confirmed
CVE: CVE-2024-38301 (🔍)
GCVE (CVE): GCVE-0-2024-38301
GCVE (VulDB): GCVE-100-271024
Entry
Created: 07/10/2024 07:59Updated: 08/09/2024 04:54
Changes: 07/10/2024 07:59 (63), 07/11/2024 02:06 (1), 08/09/2024 04:54 (11)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.