CVE-2024-25956

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25956
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:grab:*:*:*:*:*:windows:*:*
History

28 Jan 2025, 18:47

Type Values Removed Values Added
CPE cpe:2.3:a:dell:grab:*:*:*:*:*:windows:*:*
First Time Dell grab
Dell
References () https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities - Vendor Advisory

21 Nov 2024, 09:01

Type Values Removed Values Added
Summary
  • (es) Dell Grab para Windows, versiones 5.0.4 y anteriores, contiene una vulnerabilidad de permisos de archivos inadecuados. Un atacante autenticado localmente podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de cierta información del sistema.
References () https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities -

26 Mar 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-26 16:15

Updated : 2025-01-28 18:47

NVD link : CVE-2024-25956

Mitre link : CVE-2024-25956

CVE.ORG link : CVE-2024-25956

JSON object : View

Products Affected

dell

  • grab
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource