CVE-2024-25964

EPSS 0.44%
Veröffentlicht 25.03.2024 09:15:09
Zuletzt bearbeitet 09.01.2025 16:44:51
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Powerscale Onefs Version >= 9.5.0.0 < 9.5.0.7

Dell ≫ Powerscale Onefs Version >= 9.6.1 < 9.7.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.624

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security_alert@emc.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25964

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25964

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25964

EUVD