CVE-2024-49596 - Vulnerability Details - OpenCVE

ReportizFlow

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dell	Dell Wyse Management Suite Repository Wyse Management Suite

Configuration 1 [-]

cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000244453/dsa-2024-440

History

Tue, 04 Feb 2025 18:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:dell:wyse_management_suite::::::::

Tue, 26 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell dell Wyse Management Suite Repository Dell wyse Management Suite
CPEs		cpe:2.3:a:dell:dell_wyse_management_suite_repository:::::::: cpe:2.3:a:dell:wyse_management_suite:-:::::::*
Vendors & Products		Dell Dell dell Wyse Management Suite Repository Dell wyse Management Suite
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 03:15:00 +0000

Type	Values Removed	Values Added
Description		Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion
Weaknesses		CWE-862
References		https://www.dell.com/support/kbdoc/en-us/000244453/dsa-2024-440
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-11-26T02:56:14.374Z

Updated: 2024-11-26T15:01:30.503Z

Reserved: 2024-10-17T05:03:48.987Z

Link: CVE-2024-49596

Vulnrichment

Updated: 2024-11-26T15:01:22.855Z

NVD

Status : Analyzed

Published: 2024-11-26T03:15:06.570

Modified: 2025-02-04T18:09:00.500

Link: CVE-2024-49596

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49596", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-10-17T05:03:48.987Z", "datePublished": "2024-11-26T02:56:14.374Z", "dateUpdated": "2024-11-26T15:01:30.503Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wyse Management Suite", "vendor": "Dell", "versions": [{"lessThanOrEqual": "4.4", "status": "affected", "version": "N/A", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Wyse Management Suite Repository", "vendor": "Dell", "versions": [{"lessThanOrEqual": "4.4", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dell Technologies would like to thank Ahmed Y. Elmogy for reporting this issue."}], "datePublic": "2024-11-24T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion"}], "value": "Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-11-26T02:56:14.374Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000244453/dsa-2024-440"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dell", "product": "dell_wyse_management_suite_repository", "cpes": ["cpe:2.3:a:dell:dell_wyse_management_suite_repository:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.4", "versionType": "semver"}]}, {"vendor": "dell", "product": "wyse_management_suite", "cpes": ["cpe:2.3:a:dell:wyse_management_suite:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.4", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T14:58:41.487695Z", "id": "CVE-2024-49596", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:01:30.503Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T14:58:41.487695Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dell:dell_wyse_management_suite_repository:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "dell_wyse_management_suite_repository", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:dell:wyse_management_suite:-:*:*:*:*:*:*:*"], "vendor": "dell", "product": "wyse_management_suite", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.4"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:01:22.855Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell Technologies would like to thank Ahmed Y. Elmogy for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Wyse Management Suite", "versions": [{"status": "affected", "version": "N/A", "versionType": "semver", "lessThanOrEqual": "4.4"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "Wyse Management Suite Repository", "versions": [{"status": "affected", "version": "N/A", "versionType": "semver", "lessThanOrEqual": "4.4"}], "defaultStatus": "unaffected"}], "datePublic": "2024-11-24T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000244453/dsa-2024-440", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion", "supportingMedia": [{"type": "text/html", "value": "Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-11-26T02:56:14.374Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49596", "state": "PUBLISHED", "dateUpdated": "2024-11-26T15:01:30.503Z", "dateReserved": "2024-10-17T05:03:48.987Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-11-26T02:56:14.374Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F90BCF08-BFA4-4AD8-8057-6A8B14C938B2", "versionEndIncluding": "4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion"}, {"lang": "es", "value": "Dell Wyse Management Suite, versi\u00f3n WMS 4.4 y anteriores, contiene una vulnerabilidad de falta de autorizaci\u00f3n. Un atacante con privilegios elevados y acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una denegaci\u00f3n de servicio y la eliminaci\u00f3n arbitraria de archivos."}], "id": "CVE-2024-49596", "lastModified": "2025-02-04T18:09:00.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-11-26T03:15:06.570", "references": [{"source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000244453/dsa-2024-440"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Secondary"}]}