CVE-2024-42427 | THREATINT

Description

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

PUBLISHED Reserved 2024-08-01 | Published 2024-09-10 | Updated 2024-09-10 | Assigner dell

HIGH: 7.6CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

unaffected

Dell ThinOS 2402

affected

Dell ThinOS 2405

affected

Credits

Dell would like to thank REQON for reporting this issue finder

References

www.dell.com/support/kbdoc/en-us/000228350/dsa-2024-386 vendor-advisory

cve.org (CVE-2024-42427)

nvd.nist.gov (CVE-2024-42427)

Download JSON