CVE-2024-51540 HIGH

CVE-2024-51540

Vendor Dell
Product ECS
Weakness CWE-190
Published December 26, 2024
Last update December 26, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.

Key dates

02Disclosure timeline

December 26, 2024 CVE published
December 26, 2024 Record updated