CVE-2024-47477
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
Risk Assessment
The organization may be exposed to attacks that could lead to data interception or communication manipulation. Exploitation of this vulnerability could result in serious consequences for data security.
Recommendation
It is recommended to update Dell PowerFlex Manager to version 4.5.1.1 or later to mitigate this vulnerability. Additionally, conducting a security audit of the system is advisable.
Original NVD description (English source)
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.

