CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:storage_monitoring_and_reporting::::::::
	cpe:2.3:a:dell:storage_resource_manager::::::::

History

04 Feb 2025, 17:08

Type	Values Removed	Values Added
CWE		CWE-384
CPE		cpe:2.3:a:dell:storage_resource_manager:::::::: cpe:2.3:a:dell:storage_monitoring_and_reporting::::::::
References	() https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities -	() https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities - Vendor Advisory
First Time		Dell storage Resource Manager Dell Dell storage Monitoring And Reporting

Information

Published : 2024-04-12 17:17

Updated : 2025-02-04 17:08

NVD link : CVE-2024-0157

Mitre link : CVE-2024-0157

CVE.ORG link : CVE-2024-0157

JSON object : View

Products Affected

dell

storage_resource_manager
storage_monitoring_and_reporting

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-384

Session Fixation

{"id": "CVE-2024-0157", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-12T17:17:21.027", "references": [{"url": "https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session."}, {"lang": "es", "value": "Dell Storage Resource Manager, 4.9.0.0 y anteriores, contiene una vulnerabilidad de reparaci\u00f3n de sesi\u00f3n en SRM Windows Host Agent. Un atacante no autenticado de una red adyacente podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda el secuestro de la sesi\u00f3n de la aplicaci\u00f3n del usuario objetivo."}], "lastModified": "2025-02-04T17:08:51.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:storage_monitoring_and_reporting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E989E84-288F-453A-93A1-804A7C3C6377", "versionEndExcluding": "5.0.0.0"}, {"criteria": "cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3678B513-2DAF-4951-B905-4532DB067EBB", "versionEndExcluding": "5.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}