CVE Catalog

CVE-2024-47477

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.

Risk Assessment

The organization may be exposed to attacks that could lead to data interception or communication manipulation. Exploitation of this vulnerability could result in serious consequences for data security.

Recommendation

It is recommended to update Dell PowerFlex Manager to version 4.5.1.1 or later to mitigate this vulnerability. Additionally, conducting a security audit of the system is advisable.

Original NVD description (English source)

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS