CVE-2024-28964

HIGH

Dell Common Event Enabler < 8.9.10.0 - Insecure Deserialization

Title source: rule

Description

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 35.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

dell/common_event_enabler < 8.9.10.0

Timeline

Published Jun 12, 2024

Tracked Since Feb 18, 2026