PT-2024-21241 · Dell · Dell Grab For Windows
Published: 2024-03-26 · Updated: 2024-03-27 · CVE-2024-25957
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dell Grab for Windows versions 5.0.4 and below
Description
The issue concerns cleartext storage of sensitive information in the appsync module. An authenticated local attacker could potentially exploit this, leading to information disclosure that could be used to access the appsync application with elevated privileges.
Recommendations
For versions 5.0.4 and below, consider restricting access to the appsync module to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the appsync module could help prevent information disclosure.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Dell Grab For Windows