CVE-2024-28964

HIGH

Dell Common Event Enabler < 8.9.10.0 - Unauthenticated Deserialization of Untrusted Data via CAVATools

Title source: llm

Description

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 35.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (1)

dell/common_event_enabler < 8.9.10.0

Published Jun 12, 2024

Tracked Since Feb 18, 2026