CVE-2024-47477

Summary

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.

Affected Software

VendorProductVersion RangeStatus
DellPowerFlex Manager0 < 5.1.0.1 or lateraffected
DellPowerFlex Manager0 < 4.5.5.2 or lateraffected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References