CVE-2024-0157

MEDIUM

Dell Storage Resource Manager <4.9.0.0 - Privilege Escalation

Title source: llm

Description

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities

Scores

CVSS v3 5.9

EPSS 0.0016

EPSS Percentile 36.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400 CWE-384

Status published

Products (2)

dell/storage_monitoring_and_reporting < 5.0.0.0

dell/storage_resource_manager < 5.0.0.0

Published Apr 12, 2024

Tracked Since Feb 18, 2026